DOI: 10.5555/1946341.1946365

Adaptable authentication model: exploring security with weaker attacker models

Published: 09 February 2011

Abstract

Most methods for protocol analysis classify protocols as "broken" if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity; for each fine-level authentication goal, we determine the "least strongest-attacker" for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications where one may need to trade off security relaxations against resource requirements.

Cited By

  • (2021) Adversary Models for Mobile Device Authentication. ACM Computing Surveys 54:9 (1-35). DOI: 10.1145/3477601. Online publication date: 8-Oct-2021

Published In

ESSoS'11: Proceedings of the Third international conference on Engineering secure software and systems
February 2011
272 pages
ISBN: 9783642191244
Editors: Úlfar Erlingsson, Roel Wieringa, Nicola Zannone

Publisher

Springer-Verlag, Berlin, Heidelberg
