Revisiting the BAN-Modified Andrew Secure RPC Protocol
Authors
Abstract
We have analysed the well-known BAN modified Andrew Secure RPC authentication protocol by means of the AVISPA Web tool considering all the available back-ends and with the basic configurations of sessions. The protocol has been found vulnerable to a replay/mutation attack based on homomorphism by one of the back-ends. In order to fix it, we integrated into the protocol a common solution, including a new addition to the original protocol and the solution proposed by Liu, Ma and Yang, who earlier found a man-in-the-middle attack by means of a different model checker instantiated with different session compositions. When we tested this solution in AVISPA, under both conditions, we discovered that AVISPA considers it safe, while it can be demonstrated that it suffers from the same mutation attack as in the original protocol.
Similar resources
Some Remarks on Andrew Secure RPC
We review the Andrew secure RPC protocol and reveal some unsoundness of it. Some modifications are made to the protocol. The changes made include the encryption in the first message, the expansion of the second and third messages as well as the elimination of the fourth message. Our GNY analysis shows that even though changes have been made, the outcomes of the protocol do not change. That is, ...
RSPAE: RFID Search Protocol based on Authenticated Encryption
Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the ...
A Framework for Proving the Correctness of Cryptographic Protocol Properties by Linear Temporal Logic
In this paper, a framework for cryptographic protocol analysis using linear temporal logic is proposed. The framework can be used to specify and analyse security protocols. It aims to investigate and analyse the security protocols properties that are secure or have any flaws. The framework extends the linear temporal logic by including the knowledge of participants in each status that may chang...
Securing Remote Procedure Calls over HTTPS
Remote Procedure Calls (RPC) are widely used over the Internet as they provide a simple and elegant way of interaction between the client and the server. This paper proposes a solution for securing the remote procedure calls (RPC) by tunneling it through HTTPS (Hypertext Transfer Protocol over Secure Socket Layer). RPC over HTTP actually uses the Secure Socket Layer (SSL) protocol as a transpor...
Automatic Validation of Protocol Narration
We perform a systematic expansion of protocol narrations into terms of a process algebra in order to make precise some of the detailed checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice for identifying a number of authentication flaws in symmetric ke...
Journal title:
- J. Internet Serv. Inf. Secur.
Volume 4, Issue
Pages -
Publication date 2014