Security of public key certificate based authentication protocols

被引：0

作者：

Wen, W ^{[1
]}

Saito, T ^{[1
]}

Mizoguchi, F ^{[1
]}

机构：

[1] Sci Univ Tokyo, Noda, Chiba 2788510, Japan

来源：

PUBLIC KEY CRYTOGRAPHY | 2000年 / 1751卷

关键词：

D O I：

暂无

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

The security of authentication protocols based on public key cryptography depends on the validity of the certificate. It is usually assumed that a well deployed PKI can guarantee the validity of certificates through mechanisms such as CRL or OCSP. In reality, such guarantee is not always assured. This paper describes an attack that exploits this certificate validity weakness and breaks some well-known certificate-based authentication protocols, namely the SSL and the TLS protocol. This attack affects the "named-server" version of both protocols, but is ineffective for the "named-server, named-client" version of both protocols. Along with the attack, we also describe how it was discovered as a result of our ongoing research on analysis of authentication protocols using both logic based and model checking based methods.

引用

页码：196 / 209

页数：14

共 50 条

[1] A delayed commitment scheme to enhance public key certificate based protocols
Wen, W
[J]. IEEE 9TH INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, PROCEEDINGS, 2000, : 181 - 182
[2] ON THE SECURITY OF PUBLIC KEY PROTOCOLS
DOLEV, D
YAO, AC
[J]. IEEE TRANSACTIONS ON INFORMATION THEORY, 1983, 29 (02) : 198 - 208
[3] Security Verification for Authentication and Key Exchange Protocols
Otat, Haruki
Kiyomotot, Shinsaku
Tanakat, Toshiaki
[J]. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2009, 9 (03): : 1 - 11
[4] Security Verification for Authentication and Key Exchange Protocols
Ota, Haruki
Kiyomoto, Shinsaku
Tanaka, Toshiaki
[J]. 2008 INTERNATIONAL SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS, VOLS 1-3, 2008, : 507 - 512
[5] Symmetric Key-Based Lightweight Authentication Protocols for RFID Security
Rajaguru, K.
Hansdah, R. C.
[J]. 2018 32ND INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS WORKSHOPS (WAINA), 2018, : 488 - 495
[6] AMI Authentication Method based on Hardware Public Key Certificate using Unique Identifier
Choi, Pil Joo
Kim, Hyun Il
Kim, Dong Kyue
[J]. 2015 INTERNATIONAL SOC DESIGN CONFERENCE (ISOCC), 2015, : 341 - 342
[7] The design of authentication key protocol in certificate-free public key cryptosystem
Chung, Yu-Fang
[J]. SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (11) : 2125 - 2133
[8] Security flaws in authentication and key establishment protocols for mobile communications
Shim, K
Lee, YR
[J]. APPLIED MATHEMATICS AND COMPUTATION, 2005, 169 (01) : 62 - 74
[9] Questioning the Security of Three Recent Authentication and Key Agreement Protocols
Rahmani, Amir Masoud
Mohammadi, Mokhtar
Rashidi, Shima
Lansky, Jan
Mildeova, Stanislava
Safkhani, Masoumeh
Kumari, Saru
Hosseinzadeh, Mehdi
[J]. IEEE ACCESS, 2021, 9 : 98204 - 98217
[10] A machine learning-based scheme for the security analysis of authentication and key agreement protocols
Zhuo Ma
Yang Liu
Zhuzhu Wang
Haoran Ge
Meng Zhao
[J]. Neural Computing and Applications, 2020, 32 : 16819 - 16831

← 1 2 3 4 5 →