Analysis of security protocols for authentication in distributed systems

Research on the analysis and development of authentication protocols frequently adopts the linear software development approach and rests on certain non-extensible assumptions (Tobler and Hutchison 2004; Groß 2003; Harbitter and Menascé 2002). This paper is part of ongoing work on the development of a pre-emptive security mechanism for networks and distributed systems. We present a cyclic analytical method of protocol development for authentication solutions, which can be used by both designers and security administrators. Our analytical approach can be extended to a variety of protocols for either closed or open networks. The method lends itself to the analysis, and therefore to the development and/or adoption, of authentication protocols that can render computing resources unassailable to attackers. The motivation for this approach stems from the fact that, despite the multiplicity of widely published protocols for authentication, an amazing number of attacks continue to evolve against authentication solutions and thereby continue to hinder the placement of trust in networked computing resources.

[1] Catherine A. Meadows, et al. Applying Formal Methods to the Analysis of a Key Management Protocol, 1992, J. Comput. Secur.

[2] Gavin Lowe. A Family of Attacks upon Authentication Protocols, 1997.

[3] Peter Honeyman, et al. Formal Methods for the Analysis of Authentication Protocols, 1993.

[4] Colin Boyd, et al. Towards formal analysis of security protocols, 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[5] John C. Mitchell, et al. A meta-notation for protocol analysis, 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[6] Daniel A. Menascé, et al. A methodology for analyzing the performance of authentication protocols, 2002, TSEC.

[7] Taylor Yu. The Kerberos Network Authentication Service (Version 5), 2007.

[8] Roger M. Needham, et al. Using encryption for authentication in large networks of computers, 1978, CACM.

[9] Aviel D. Rubin, et al. Risks of the Passport single signon protocol, 2000, Comput. Networks.

[10] Theodore Y. Ts'o, et al. Kerberos: an authentication service for computer networks, 1994, IEEE Communications Magazine.

[11] J. Doug Tygar, et al. A Model for Secure Protocols and Their Compositions, 1996, IEEE Trans. Software Eng.

[12] Martín Abadi, et al. A logic of authentication, 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[13] William Stallings, et al. Cryptography and Network Security: Principles and Practice, 1998.

[14] B. Lampson, et al. Authentication in distributed systems: theory and practice, 1991, TOCS.

[15] Oded Goldreich, et al. On the security of multi-party ping-pong protocols, 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[16] Li Gong, et al. Logics for cryptographic protocols-virtues and limitations, 1991, Proceedings Computer Security Foundations Workshop IV.

[17] Thomas Groß, et al. Security analysis of the SAML single sign-on browser/artifact profile, 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings.

[18] Gavin Lowe, et al. A hierarchy of authentication specifications, 1997, Proceedings 10th Computer Security Foundations Workshop.