Draft: Implementation Dependencies and Assumptions in Authentication Protocols
نویسندگان
چکیده
Protocol specificationsmake various assumptions. These assumptionsmay concern the operation of trusted principals, the operation of principals under failure, the practical capabilities of an intruder or particular properties of the encryption system etc. Although some assumed properties may be ’obvious’, many may not be. Furthermore, such properties are rarely stated explicitly (we often lack a formalism inwhich to couch the properties) andwhen they are identified informally, it may be unclear whether an implementation of the protocol upholds them. In this paper we identify numerous ways in which protocols are shown to make assumptions and give many plausible examples of how obvious implementations will not uphold them. We draw on published work for some of the examples but provide some new attacks too. We address the following areas: Ciphertext manipulation. Algebraic properties. Assumed behaviour of legitimate principals. Field values and representations. Covert timing channels.
منابع مشابه
Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کاملEnhancing privacy of recent authentication schemes for low-cost RFID systems
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we a...
متن کاملAn ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure
Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...
متن کاملGSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Machine to machine (M2M) communication, which is also known as machine type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication, is handling massive heterogeneous devices with low network overheads and high security guarantees. Hence, v...
متن کامل