Provably Insecure Mutual Authentication Protocols: The Two-Party Symmetric-Encryption Case
Date: October 1999 Publication: 22nd National Information Systems Security Conference Source 1: http://csrc.nist.gov/nissc/1999/proceeding/papers/p25.pdf Abstract or Summary:
In practice, users will rely on a wide variety of communication protocols to conduct their work over the Internet. This paper discusses the security ramifications of using multiple authentication protocols. We demonstrate multi-protocol attacks and how they can be realized to defeat otherwise secure authentication protocols. We highlight this discussion with examples of attacks on a proposed symmetric key-based authentication protocols. We present a model of communication that reflects the existence of this type of attack, and demonstrate that a class of authentication protocols can never be secure in the presence of this type of attack. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |