article

Free access

On key distribution protocols for repeated authentication

Author:

Paul SyversonAuthors Info & Claims

ACM SIGOPS Operating Systems Review, Volume 27, Issue 4

Pages 24 - 30

https://doi.org/10.1145/163640.163642

Published: 01 October 1993 Publication History

Abstract

In [KSL92], Kehne et al. present a protocol (KSL) for key distribution. Their protocol allows for repeated authentication by means of a ticket. They also give a proof in BAN logic [BAN89] that the protocol provides the principals with a reasonable degree of trust in the authentication and key distribution. They present an optimality result that their protocol contains a minimal number of messages. Nonetheless, in [NS93] Neuman and Stubblebine present a protocol (NS) as an explicit alternative to KSL that requires one less message in the initial authentication and key distribution. One goal of this paper is to examine some of the reasons for this discrepancy. Another goal is to demonstrate possible attacks on NS. Like any attacks on cryptographic protocols, these depend on assumptions about implementation details. But, when possible they are serious: a penetrator can initiate the protocol, masquerade as another principal, obtain the session key, and even generate the session key herself.¹ We will set out implementation assumptions required for the attacks to take place and implementation assumptions that preclude such an attack. We will also look at other protocols, including one that is not subject to this form of attack and has the same number of messages as NS. Finally, we will briefly discuss the logical analysis of these repeat authentication protocols.

References

[1]

{AT91} Martín Abadi and Mark R. Tuttle. A Semantics for a Logic of Authentication. In Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing, pages 201-216. ACM Press, August 1991.

Digital Library

[2]

{BAN89} Michael Burrows, Martín Abadi, and Roger Needham. A Logic of Authentication. Research Report 39, Digital Systems Research Center, February 1989. Parts and versions of this material have been presented in many places including Transactions on Computer Systems, 8(1): 18-36, Feb. 1990, and Proceedings of the Royal Society of London A, 426: 233-271, 1989. All references herein are to the SRC Research Report 39 as revised Feb. 22, 1990.

Digital Library

[3]

{BAN90} Michael Burrows, Martín Abadi, and Roger Needham. Rejoinder to Nessett. Operating Systems Review, 24(2): 39-40, April 1990.

Digital Library

[4]

{BGH⁺92} Ray Bird, Inder Gopal, Amir Herzberg, Phil Janson, Shay Kutten, Refik Molva, and Moti Yung. Systematic Design of Two-Party Authentication Protocols. In Joan Feigenbaum, editor, Advances in Cryptology-CRYPTO '91, volume 576 of Lecture Notes in Computer Science. Springer Verlag, Berlin, 1992.

[5]

{Bie89} Pierre Bieber. Aspects Epistémiques des Protocoles Cryptographiques. PhD thesis, Université Paul-Sabatier de Toulouse, October 1989.

[6]

{Bie90} Pierre Bieber. A Logic of Communication in a Hostile Environment. In Proceedings of the Computer Security Foundations Workshop III, pages 14- 22. IEEE Computer Society Press, Los Alamitos, California, 1990.

[7]

{Car93} Ulf Carlsen. Using Logics to Detect Implementation-Dependent Flaws. In Proceedings of the Annual Computer Security Applications Conference, 1993. Forthcoming.

[8]

{DvOW92} Whitfield Diffie, Paul C. van Oorsehot, and Michael J. Wiener. Authentication and Authenticated Key Exchanges. Designs, Codes, and Cryptography, 2: 107- 125, 1992.

Digital Library

[9]

{GKSG91} V. D. Gligor, R. Kailar, S. Stubblebine, and L. Gong. Logics for Cryptographic Protocols-Virtues and Limitations. In Proceedings of the Computer Security Foundations Workshop IV, pages 219- 226. IEEE Computer Society Press, Los Alamitos, California, 1991.

[10]

{GNY90} Li Gong, Roger Needham, and Raphael YahMom. Reasoning about Belief in Cryptographic Protocols. In Proceedings of the 1990 IEEE Symposium on Security and Privacy, pages 234-248. IEEE Computer Society Press, Los Alamitos, California, 1990.

[11]

{KSL92} Kehne, Schönwälder, and Langendörfer. A Nonce-Based Protocol for Multiple Authentications. Operating Systems Review , 26(4): 84-89, October 1992.

Digital Library

[12]

{Nes90} Dan M. Nessett. A Critique of the Burrows, Abadi, and Needham Logic. Operating Systems Review, 24(2): 35-38, April 1990.

Digital Library

[13]

{NS78} Roger M. Needham and Michael D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12): 993-999, December 1978.

Digital Library

[14]

{NS93} B. Clifford Neuman and Stuart G. Stubblebine. A Note on the Use of Times-tamps as Nonces. Operating Systems Review , 27(2): 10-14, April 1993.

Digital Library

[15]

{SM93} Paul Syverson and Catherine Meadows. A Logical Language for Specifying Cryptographic Protocol Requirements. In Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pages 165-177. IEEE Computer Society Press, Los Alamitos, California, 1993.

Digital Library

[16]

{Sne91} Einar Snekkenes. Exploring the BAN Approach to Protocol Analysis. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 171-181. IEEE Computer Society Press, Los Alamitos, California, 1991.

[17]

{Sne92} Einar Snekkenes. Roles in Cryptographic Protocols. In Proceedings of the 1999 IEEE Computer Society Symposium on Research in Security and Privacy , pages 105-119. IEEE Computer Society Press, Los Alamitos, California, 1992.

Digital Library

[18]

{Syv91} Paul F. Syverson. The Use of Logic in the Analysis of Cryptographic Protocols. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 156-170. IEEE Computer Society Press, Los Alamitos, California, 1991.

[19]

{Syv92} Paul F. Syverson. Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols. Journal of Computer Security, 1(3): 317-334, 1992.

Digital Library

[20]

{Syv93} Paul F. Syverson. Adding Time to a Logic of Authentication. In Proceedings of the First ACM Conference on Computer and Communications Security , 1993.

Digital Library

[21]

{Yah} Raphael Yahalom. Optimality of Asynchronous 2-Party Secure Data-Exchange Protocols. Journal of Computer Security . Forthcoming.

Cited By

Pereniguez FMarin-Lopez RKambourakis GGritzalis SGomez A(2011)PrivaKERBComputers and Security10.1016/j.cose.2011.04.00130:6-7(446-463)Online publication date: 1-Sep-2011
https://dl.acm.org/doi/10.1016/j.cose.2011.04.001
Shi WJang IYoo H(2008)A provable secure authentication protocol given forward secure session keyProceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development10.5555/1791734.1791772(309-318)Online publication date: 26-Apr-2008
https://dl.acm.org/doi/10.5555/1791734.1791772
Shi WJang IYoo H(2008)A Provable Secure Authentication Protocol Given Forward Secure Session KeyProgress in WWW Research and Development10.1007/978-3-540-78849-2_32(309-318)Online publication date: 2008
https://doi.org/10.1007/978-3-540-78849-2_32
Show More Cited By

Index Terms

On key distribution protocols for repeated authentication

Recommendations

Communication-efficient three-party protocols for authentication and key agreement

Encrypted key exchange (EKE) authentication approaches are very important for secure communicating over public networks. In order to solve the security weaknesses three-party EKE, Yeh et al. [H.T. Yeh, H.M. Sun, T. Hwang, Efficient three-party ...
ID2S Password-Authenticated Key Exchange Protocols

In a two-server password-authenticated key exchange (PAKE) protocol, a client splits its password and stores two shares of its password in the two servers, respectively, and the two servers then cooperate to authenticate the client without knowing the ...
Password-based authentication and key distribution protocols with perfect forward secrecy

In an open networking environment, a workstation usually needs to identify its legal users for providing its services. Kerberos provides an efficient approach whereby a trusted third-party authentication server is used to verify users' identities. ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review

ACM SIGOPS Operating Systems Review Volume 27, Issue 4

Oct. 1993

85 pages

ISSN:0163-5980

DOI:10.1145/163640

Editor:
William M. Waite
Univ. of Colorado, Boulder

Issue’s Table of Contents

Copyright © 1993 Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 1993

Published in SIGOPS Volume 27, Issue 4

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
333
Total Downloads

Downloads (Last 12 months)45
Downloads (Last 6 weeks)10

Reflects downloads up to 23 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pereniguez FMarin-Lopez RKambourakis GGritzalis SGomez A(2011)PrivaKERBComputers and Security10.1016/j.cose.2011.04.00130:6-7(446-463)Online publication date: 1-Sep-2011
https://dl.acm.org/doi/10.1016/j.cose.2011.04.001
Shi WJang IYoo H(2008)A provable secure authentication protocol given forward secure session keyProceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development10.5555/1791734.1791772(309-318)Online publication date: 26-Apr-2008
https://dl.acm.org/doi/10.5555/1791734.1791772
Shi WJang IYoo H(2008)A Provable Secure Authentication Protocol Given Forward Secure Session KeyProgress in WWW Research and Development10.1007/978-3-540-78849-2_32(309-318)Online publication date: 2008
https://doi.org/10.1007/978-3-540-78849-2_32
Wan ZBao FDeng RAnanda A(2006)Security analysis on a conference scheme for mobile communicationsIEEE Transactions on Wireless Communications10.1109/TWC.2006.16386415:6(1238-1240)Online publication date: 1-Jun-2006
https://dl.acm.org/doi/10.1109/TWC.2006.1638641
Tao HHe D(2006)Normal Forms and Normalization of Authentication Protocols2006 International Conference on Computational Intelligence and Security10.1109/ICCIAS.2006.295282(1363-1366)Online publication date: Nov-2006
https://doi.org/10.1109/ICCIAS.2006.295282
Syverson PMeadows C(2006)Formal requirements for key distribution protocolsAdvances in Cryptology — EUROCRYPT'9410.1007/BFb0053447(320-331)Online publication date: 23-May-2006
https://doi.org/10.1007/BFb0053447
Gürgens S(2005)SG logic — a formal analysis technique for authentication protocolsSecurity Protocols10.1007/BFb0028167(159-176)Online publication date: 15-Jun-2005
https://doi.org/10.1007/BFb0028167
Jøsang A(2005)Prospectives for modelling trust in information securityInformation Security and Privacy10.1007/BFb0027928(2-13)Online publication date: 16-Jun-2005
https://doi.org/10.1007/BFb0027928
YASINSAC AWULF W(2001)A FRAMEWORK FOR A CRYPTOGRAPHIC PROTOCOL EVALUATION WORKBENCHInternational Journal of Reliability, Quality and Safety Engineering10.1142/S021853930100056608:04(373-389)Online publication date: Dec-2001
https://doi.org/10.1142/S0218539301000566
Syverson PCervesato I(2001)The Logic of Authentication ProtocolsFoundations of Security Analysis and Design10.1007/3-540-45608-2_2(63-137)Online publication date: 31-Oct-2001
https://doi.org/10.1007/3-540-45608-2_2
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Issue’s Table of Contents