Explicit communication revisited: Two new attacks on authentication protocols

被引：16

作者：

Abadi, M

机构：

[1] Systems Research Center, Digital Equipment Corporation, Palo Alto, CA 94301

来源：

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING | 1997年 / 23卷 / 03期

关键词：

cryptography; authentication; cryptographic protocols; authentication protocols; security;

D O I：

10.1109/32.585505

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

SSH and AKA are recent, practical protocols for secure connections over an otherwise unprotected network. This paper shows that, despite the use of public-key cryptography, SSH and AKA do not provide authentication as intended. The flaws of SSH and AKA can be viewed as the result of their disregarding a basic principle for the design of sound authentication protocols: the principle that messages should be explicit.

引用

页码：185 / 186

页数：2

共 9 条

[1] Prudent engineering practice for cryptographic protocols [J].

Abadi, M ;

Needham, R .

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 1996, 22 (01) :6-15

[2]

ANDERSON R, 1995, P CRYPTO 95

[3]

Freier AlanO., 1996, SSL PROTOCOL VERSION

[4]

*NBS, 1977, FED INF PROC STAND P, V46

[5]

RIVEST RL, 1978, COMMUN ACM, V21, P120, DOI [10.1145/359340.359342, 10.1145/357980.358017]

[6]

Safford D, 1996, PROCEEDINGS OF THE SIXTH ANNUAL USENIX SECURITY SYMPOSIUM: FOCUSING ON APPLICATIONS OF CRYPTOGRAPHY, P179

[7]

Schneier B, 1996, APPL CRYPTOGRAPHY

[8]

Ylonen T, 1996, PROCEEDINGS OF THE SIXTH ANNUAL USENIX SECURITY SYMPOSIUM: FOCUSING ON APPLICATIONS OF CRYPTOGRAPHY, P37

[9]

Ylonen T., 1996, SSH TRANSPORT LAYER

← 1 →