Environmental Requirements and Authentication Protocols

Most work on requirements in the area of authentication protocols has concentrated on identifying requirements for the protocol without much consideration of context. Little work has concentrated on assumptions about the environment, for example, the applications that make use of authenticated keys. We will show in this paper how the interaction between a protocol and its environment can have a major e ect on a protocol. Speci cally we will demonstrate a number of attacks on published and/or widely used protocols that are not feasible against the protocol running in isolation (even with multiple runs) but become feasible in some application environments. We will also discuss the tradeo between putting constraints on a protocol and putting constraints on the environment in which it operates.

[1]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[2]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[3]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[4]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[5]  Daniel Simon,et al.  The Private Communication Technology Protocol , 1995 .

[6]  Joshua D. Guttman,et al.  Mixed strand spaces , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[7]  ProtocolsLi GongSRI InternationalComputer Fail-Stop Protocols : An Approach to Designing Secure , 1994 .

[8]  Marc Joye,et al.  On the importance of securing your bins: the garbage-man-in-the-middle attack , 1997, CCS '97.

[9]  Martín Abadi Two facets of authentication , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[10]  Hugo Krawczyk,et al.  SKEME: a versatile secure key exchange mechanism for Internet , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[11]  J. Doug Tygar,et al.  A model for secure protocols and their compositions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[12]  Naganand Doraswamy,et al.  Ipsec: the new security standard for the internet , 1999 .

[13]  Catherine A. Meadows Open Issues in Formal Methods for Cryptographic Protocol Analysis , 2001, MMM-ACNS.

[14]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..