Security of Public Key Certificate Based Authentication Protocols
نویسندگان
چکیده
The security of authentication protocols based on public key cryptography depends on the validity of the certificate. It is usually assumed that a well deployed PKI can guarantee the validity of certificates through mechanisms such as CRL or OCSP. In reality, such guarantee is not always assured. This paper describes an attack that exploits this certificate validity weakness and breaks some well-known certificate-based authentication protocols, namely the SSL and the TLS protocol. This attack affects the “named-server” version of both protocols, but is ineffective for the “named-server, named-client” version of both protocols. Along with the attack, we also describe how it was discovered as a result of our ongoing research on analysis of authentication protocols using both logic based and model checking based methods.
منابع مشابه
ISO MANA Certificates in Practice
The international standard ISO 9798-6 specifies MANA protocols for data authentication and an application of the MANA I protocol to public key authentication and key exchange. The resulting protocol is called the MANA certificate protocol an can be viewed as a passkey based key agreement protocol. In this paper we present an application of MANA certificate protocol to a wireless security associ...
متن کاملAn ID-based Proxy Authentication Protocol Supporting Public Key Infrastructure
The advantage of the ID-based authentication protocols over public-key based protocols is that authentication can be performed by simply knowing the identity of a party. Meanwhile, Public Key Infrastructure (PKI) provides a suite of excellent security and user management mechanisms that can be easily deployed to the Internet. In this paper, we present an ID-based proxy authentication protocol t...
متن کاملCryptanalysis of Three Certificate-Based Authenticated Key Agreement Protocols and a Secure Construction
Certificate-based cryptography is a new public-key cryptographic paradigm that has very appealing features, namely it simplifies the certificate management problem in traditional public key cryptography while eliminating the key escrow problem in identity-based cryptography. So far, three authenticated key agreement (AKA) protocols in the setting of certificate-based cryptography have been prop...
متن کاملAnalysis And Improvement of Pairing-Free Certificate-Less Two-Party Authenticated Key Agreement Protocol For Grid Computing
The predominant grid authentication mechanisms use public key infrastructure (PKI). Nonetheless, certificate-less public key cryptography (CL-PKC) has several advantages that seem to well align with the demands of grid computing. Security and efficiency are the main objectives of grid authentication protocols. Unfortunately, certificate-less authenticated key agreement protocols rely on the bil...
متن کاملAn ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure
Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2000