Provably Repairing the ISO/IEC 9798 Standard for Entity
Abstract
We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard.