The popularity of personal computing devices (e.g. smart cards) exposes users to risks, notably identity theft, and creates new requirements for secure communication. A recently proposed approach to creating secure communication is to use human trust and human interactions. These approaches potentially eliminate the need for passwords as in Bluetooth, shared secrets or trusted parties, which ar...

ESOP 2004, LNCS 2986, pages 140–154, 2004. c © Springer–Verlag, Berlin Heildelberg 2003. We propose a new method for the static analysis of entity authentication protocols. We develop our approach based on a dialect of the spi-calculus as the underlying formalism for expressing protocol narrations. Our analysis validates the honest protocol participants against static (hence decidable) conditio...

Most work on requirements in the area of authentication protocols has concentrated on identifying requirements for the protocol without much consideration of context. Little work has concentrated on assumptions about the environment, for example, the applications that make use of authenticated keys. We will show in this paper how the interaction between a protocol and its environment can have a...

This paper presents a general approach for analysis and veri cation of authentication properties in the language of Communicating Sequential Processes CSP It is il lustrated by an examination of the Needham Schroeder public key protocol The contribution of this paper is to develop a speci c theory appropriate to the analy sis of authentication protocols built on top of the gen eral CSP semantic...

In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. However, in real network environments an adversary may easily interrupt or interfere transmission of necessary ...

Users are normally authenticated via their passwords in computer systems. Since people tend to choose passwords that can be easily remembered, the systems are under the threat of guessing attacks. Many authentication and key distribution protocols have been proposed to protect user passwords from guessing attacks. However, these protocols either are limited to some specific environments or incu...

This paper focuses on protocols for human smartcard interaction which allow the user to authorise individual smartcard transactions whilst not sacri cing useability or security In the past protocols for secure transactions have traded o useabil ity against security whereas the protocols presented here are designed so that they tradeo security against hardware complexity and always give high use...

Oblivious transfer (OT) is a basic building block in many cryptographic protocols. In this paper, we exploit some well-known authenticated Diffie-Hellman-based key exchange protocols to build three authenticated 1-out-of-2 oblivious transfers. We show that our proposed protocols are secure in the semi-honest model. We also compare our schemes with three similar 1-out-of-2 OT protocols and show ...

Use of mobile personal computers in open net-worked environment is revolutionalising the way we use computers. Mobile networked computing is raising some important information security and privacy issues. This paper is concerned with the design of authentication protocols for a mobile networked computing environment. We propose mobile user authentication protocols in intra and inter domain situ...

To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/ Transport Layer Security (SSL/TLS) for data confidentiality...