Web security: Authentication protocols and their analysis

Authentication is one of the basic building blocks of computer security. It is achieved through the execution of an authentication protocol between two or more parties. One such protocol, the Secure Socket Layer (SSL) protocol, has become the de facto standard for Web security. This paper provides an overview of results and methods used in analyzing authentication protocols. The aim is to provide a bird's eye view of the assumptions, methods, and results that are available for anyone who is interested in designing new security protocols or applying a new analysis approach. A detailed description of the SSL handshake protocol as well as how changes in environment assumption can lead to unexpected consequences, is provided. A fix to the weakness is also described.