Provably Insecure Mutual Authentication Protocols: The Two-Party Symmetric-Encryption Case

نویسنده

  • Jim Alves-Foss
چکیده

In practice, users will rely on a wide variety of communication protocols to conduct their work over the Internet. This paper discusses the security rami cations of using multiple authentication protocols. We demonstrate multi-protocol attacks and how they can be realized to defeat otherwise secure authentication protocols. We highlight this discussion with examples of attacks on a proposed symmetric key-based authentication protocols. We present a model of communication that re ects the existence of this type of attack, and demonstrate that a class of authentication protocols can never be secure in the presence of this type of attack.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Artemia: a family of provably secure authenticated encryption schemes

Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...

متن کامل

Looking for Diamonds in the Desert - Extending Automatic Protocol Generation to Three-Party Authentication and Key Agreement Protocols

In this paper, we describe our new results in developing and extending Automatic Protocol Generation (APG), an approach to automatically generate security protocols. We explore two-party mutual authentication and key agreement protocols, with a trusted third party (TTP) which shares a symmetric key with each of the two principals. During the process, we experienced the challenge of a gigantic p...

متن کامل

Constructing a Conversation Key in Three-Party Communications Environment

This article proposes an efficient, less communication rounds, three-party encrypted key exchange protocol to achieve the authentication requirement. The protocol is provided with (1) no asymmetric encryption algorithm which is adopted to reduce the costs (such as any public-key infrastructure); (2) using pre-shared key to prevent adversaries that masquerade as legal users after guessing attack...

متن کامل

Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting

The area of password-based authenticated key exchange protocols has been the subject of a vast amount of work in the last few years due to its practical aspects. AuthA is an example of such a technology considered for standardization by the IEEE P1363.2 working group. Unfortunately in its current form AuthA, including some variants, only considered the classic client and server (2-party) scenar...

متن کامل

Client-to-client Password-Based Authenticated Key Establishment in a Cross-Realm Setting

The area of password-based authenticated key establishment protocols has been the subject of a vast amount of work in the last few years due to its practical aspects. Despite the attention given to it, most passwordauthenticated key establishment (PAKE) schemes in the literature consider authentication between a client and a sever. Although some of them are extended to a threeparty PAKE protoco...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1999