Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication [chapter]

David Basin, Cas Cremers, Simon Meier
2012 Lecture Notes in Computer Science  
We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all
more » ... weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard.
doi:10.1007/978-3-642-28641-4_8 fatcat:fderlbru7jhfhkeudaio3zxu6e