314 Hits in 5.3 sec

Security Analysis of Standard Authentication and Key Agreement Protocols Utilising Timestamps [chapter]

Manuel Barbosa, Pooya Farshim
2009 Lecture Notes in Computer Science  
Finally, we use our timed extension to the BR model to establish the security of an efficient ISO protocol for key transport and unilateral entity authentication.  ...  In the timed CK model we concentrate on modular design and analysis of protocols, and propose a more efficient timed authenticator relying on timestamps.  ...  Acknowledgments The authors would like to thank Alex Dent for proposing and discussing the original ideas that led to this work.  ... 
doi:10.1007/978-3-642-02384-2_15 fatcat:c3hjqggvi5arppe3k3qsgzprde

Identity-Concealed Authenticated Encryption and Key Exchange

Yunlei Zhao
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
key exchange (CAKE) and unilateral CAKE (UCAKE).  ...  We then present the security definitional framework for higncryption, and a conceptually simple (yet carefully designed) protocol construction.  ...  But ID-privacy was treated separately from the security definition for authenticated key-exchange or channel establishment.  ... 
doi:10.1145/2976749.2978350 dblp:conf/ccs/Zhao16 fatcat:pyzgs3ltoncpvkzzldwif3yqjm

A Policy-driven Approach to Dynamic Composition of Authentication and Authorization Patterns and Services

Judith E. Y. Rossebø, Rolv Bræk
2006 Journal of Computers  
We propose a novel framework of authentication and authorization patterns for securing access to services for authorized users only, and we demonstrate how the patterns can be dynamically composed with  ...  This paper focuses on the incremental means to ensure access to services for authorized users only by composing authentication and authorization patterns and services.  ...  Messages are generated and exchanged between the parties, at least one message/pass is required for unilateral authentication, and at least two messages/passes are required for mutual authentication.  ... 
doi:10.4304/jcp.1.8.13-26 fatcat:bwz7bzs4wrguzbpxnf6ekpkpqa

Secure Channels Based on Authenticated Encryption Schemes: A Simple Characterization [chapter]

Chanathip Namprempre
2002 Lecture Notes in Computer Science  
simple definitions of security that we introduce, and the key-exchange protocol is secure.  ...  We consider communication sessions in which a pair of parties begin by running an authenticated key-exchange protocol to obtain a shared session key, and then secure successive data transmissions between  ...  I also thank Ran Canetti and Hugo Krawczyk for their insights and comments especially regarding the notion of secure channels.  ... 
doi:10.1007/3-540-36178-2_32 fatcat:sne4vizurvatpjohy2qgxnb33q

Towards a framework of authentication and authorization patterns for ensuring availability in service composition

J.E.Y. Rosseboe, R. Braek
2006 First International Conference on Availability, Reliability and Security (ARES'06)  
We propose a novel framework of authentication and authorization patterns for securing access to services for authorized users only, and we demonstrate how the patterns can be dynamically composed with  ...  This report focuses on the incremental means to ensure access to services for authorized users only by composing authentication and authorization patterns and services.  ...  This report has been updated to be consistent with the terminolgy presented in [45] .  ... 
doi:10.1109/ares.2006.135 dblp:conf/IEEEares/RosseboB06 fatcat:zzhqch4lkbdkhggaihs3x7u534

An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations

Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuéllar, Giancarlo Pellegrino, Alessandro Sorniotti
2013 Computers & security  
Browser-based Single Sign-On (SSO) protocols relieve the user from the burden of dealing with multiple credentials thereby improving the user experience and the security.  ...  We show that the main emerging SSO protocols, namely SAML SSO and OpenID, suffer from an authentication flaw that allows a malicious service provider to hijack a client authentication attempt or force  ...  We are also grateful to Scott Cantor, Brian Eaton, Matteo Grasso, and the SAP NetWeaver SIM team for the valuable discussions and feedback they provided.  ... 
doi:10.1016/j.cose.2012.08.007 fatcat:pnjt6mdjfzgnzblcfapvbkezx4

(De-)Constructing TLS 1.3 [chapter]

Markulf Kohlweiss, Ueli Maurer, Cristina Onete, Björn Tackmann, Daniele Venturi
2015 Lecture Notes in Computer Science  
Flaws and insecurities in the original design required the protocol to be fixed repeatedly; the current version is TLS 1.2 [12] .  ...  Our Contributions We prove the security of (a slightly modified version of) the ephemeral Diffie-Hellman handshake of TLS 1.3 with unilateral authentication, that is, where only the server has a certificate  ...  Indeed, our difficulties in the analysis encourages constructing protocols that are modular by design and can be analyzed by combining simple modular steps.  ... 
doi:10.1007/978-3-319-26617-6_5 fatcat:qy32ftanvrchllc74m72v7mkre

Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol

Pedro Peris-Lopez, Julio C. Hernandez-Castro, Juan M.E. Tapiador, Jan C.A. van der Lubbe
2011 Engineering applications of artificial intelligence  
Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol.  ...  The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors.  ...  In 2009, a new mutual authentication protocol was proposed by Chen and Deng that claimed to offer better security margins.  ... 
doi:10.1016/j.engappai.2011.04.001 fatcat:n5nxu5g665gydfa4pem6cqpwzy

An efficient statistical zero-knowledge authentication protocol for smart cards

Mohammad Sadeq Dousti, Rasool Jalili
2015 International Journal of Computer Mathematics  
A security concern regarding the authentication protocols is that of the malicious verifiers.  ...  More specifically, the minimum number of passes for a zero-knowledge proof with negligible soundness error is shown to be 3 [1] (and 4 if the simulation is black-box), while our protocol has only 5 passes  ...  Next, we define what it means for a protocol to be a secure authentication protocol. Definition 1 (Secure Authentication Protocol).  ... 
doi:10.1080/00207160.2015.1011629 fatcat:zr7akbtr5vbonkd6yw33j3p3di

A Constructive Perspective on Key Encapsulation [chapter]

Sandro Coretti, Ueli Maurer, Björn Tackmann
2013 Lecture Notes in Computer Science  
A KEM can be viewed as a key-exchange protocol in which only a single message is transmitted; the main application is in combination with symmetric encryption to achieve public-key encryption of messages  ...  This resource can be used in designing and proving higher-level protocols; the composition theorem guarantees the security of the combined protocol without the need for a specific reduction.  ...  Hence, the approach supports a fully modular protocol design where each cryptographic mechanism is proven in isolation to achieve one construction step, and multiple such steps are composed by the general  ... 
doi:10.1007/978-3-642-42001-6_16 fatcat:jtdoh6gqf5ca7nt73m2monsryu

A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates

Benjamin Dowling, Marc Fischlin, Felix Günther, Douglas Stebila
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
We show that, since our multi-stage key exchange security notion is composable with arbitrary symmetric-key protocols, the use of session keys in the record layer protocol is safe.  ...  Let KE be a multi-stage key exchange protocol. Let Π be a secure symmetric-key protocol w.r.t. some game G Π with a key generation algorithm that outputs keys with distribution D.  ...  Benjamin Dowling and Douglas Stebila are supported by Australian Research Council (ARC) Discovery Project grant DP130104304.  ... 
doi:10.1145/2810103.2813653 dblp:conf/ccs/DowlingFGS15 fatcat:wc535ehl5rh2vp7jdlruqb5ire

A Formal Treatment of Accountable Proxying Over TLS

Karthikeyan Bhargavan, Ioana Boureanu, Antoine Delignat-Lavaud, Pierre-Alain Fouque, Cristina Onete
2018 2018 IEEE Symposium on Security and Privacy (SP)  
Third, we propose a provably-secure alternative to soon-to-be-standardized mcTLS: a generic and modular protocol-design that carefully composes generic secure channel-establishment protocols, which we  ...  Finally, we present a proof-of-concept implementation of our design, instantiated with unmodified TLS 1.3 draft 23, and evaluate its overheads.  ...  We presented our modular, ACCE-AP-secure design called Π for 1 middlebox, in an abstract manner, using generic authenticated key-exchange protocols.  ... 
doi:10.1109/sp.2018.00021 dblp:conf/sp/BhargavanBDFO18 fatcat:hml3dbswn5g4fpoi46eidiqsh4

Multiple Handshakes Security of TLS 1.3 Candidates

Xinyu Li, Jing Xu, Zhenfeng Zhang, Dengguo Feng, Honggang Hu
2016 2016 IEEE Symposium on Security and Privacy (SP)  
First, we introduce a multi-level&stage security model, an adaptation of the Bellare-Rogaway authenticated key exchange model, covering all kinds of compositional interactions between different TLS handshake  ...  The Transport Layer Security (TLS) protocol is by far the most widely deployed protocol for securing communications and the Internet Engineering Task Force (IETF) is currently developing TLS 1.3 as the  ...  Compositional Security In [22] and [19] , the authors present a compositional framework for Multi-Stage-secure key exchange protocols such that QUIC and TLS 1.3 full handshake can be securely composed  ... 
doi:10.1109/sp.2016.36 dblp:conf/sp/LiXZFH16 fatcat:zmdchlwumbc6zlk3piug4chwji

On the Tight Security of TLS 1.3: Theoretically Sound Cryptographic Parameters for Real-World Deployments

Denis Diemert, Tibor Jager
2021 Journal of Cryptology  
Our work also shows that by replacing the RSA-PSS scheme with a tightly secure scheme (e.g., in a future TLS version), one can obtain the first fully tightly secure TLS protocol.  ...  Our results enable a theoretically sound selection of parameters for TLS 1.3, even in large-scale settings with many users and sessions per user.  ...  Funding Open Access funding enabled and organized by Projekt DEAL.  ... 
doi:10.1007/s00145-021-09388-x fatcat:vhz6kgeejfd7tgfvbowgjbrfne

Proving the TLS Handshake Secure (As It Is) [chapter]

Karthikeyan Bhargavan, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Santiago Zanella-Béguelin
2014 Lecture Notes in Computer Science  
Based on our new agile definitions, we construct a modular proof of security for the miTLS reference implementation of the handshake, including ciphersuite negotiation, key exchange, renegotiation, and  ...  We present our main definitions, constructions, and proofs for an abstract model of the protocol, featuring series of related runs of the handshake with different ciphersuites.  ...  Our definition also provides (some) security for anonymous connections, which can be composed with other authentication mechanisms to achieve application security.  ... 
doi:10.1007/978-3-662-44381-1_14 fatcat:pvdbzqnzurc6xdz5i65wzspb34
« Previous Showing results 1 — 15 out of 314 results