Automatically Detecting Authentication Limitations in Commercial Security Protocols
Authors: Stephen H. Brackin

Date: October 1999
Publication: 22nd National Information Systems Security Conference
Source 1:

Abstract or Summary:
Protocol failure, which occurs when an active wiretapper can obtain confidential information or impersonate a legitimate user, without performing cryptanalysis, by blocking, replaying, or modifying messages, is a surprisingly difficult, and surprisingly common, problem. This paper describes how the Automatic Authentication Protocol Analyzer, 2nd Version (AAPA2), a fast and completely automatic tool for finding the vulnerabilities that give rise to protocol failure, reveals errors in assumptions about the authentication capabilities of two large commercial protocols.

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019