Analysis Of Authentication Protocols Research Articles

Proving Mutual Authentication Property of Industrial Internet of Things Multi-Factor Authentication Protocol Based on Logic of Events

Security protocols are the basis of modern network communication, proving that the security problem of protocols is one of the hot research topics today. The data in industrial IoT are usually transmitted through insecure channels, which brings certain security risks. The Logic of Events is a formal method for proving the security properties of protocols based on event systems. The new theoretical extension is based on the Logic of Events theory, which proposes new event classes Compurte, TimeGap, Construct, and Reconstruct and an axiom AxiomRe and related inference rules for malicious attacks and security privacy issues in emerging protocols, as well as extending the matching descriptions of protocol behaviours in complex cryptographic algorithms and information sharing techniques for applications for the formal analysis of authentication protocols for the Industrial Internet of Things. Finally, formal analysis is carried out using the example of a secure multi-factor authentication protocol for the industrial IoT, which proves the security of the protocol.

A Flexible Gimli Hardware Implementation in FPGA and Its Application to RFID Authentication Protocols

Radio Frequency Identification (RFID) systems have bestowed numerous conveniences in a multitude of applications, but the underlying wireless communications architecture makes it vulnerable to several security threats. To mitigate these issues, various authentication protocols have been proposed. The literature accommodates comprehensive proposals and analysis of authentication protocols, but not many of them provide hardware implementations. In addition, there is diverse demand for hardware area and throughput (TP) requirements from RFID system components (tags, readers, database servers), which demand a flexible implementation strategy. This paper proposes a flexible implementation strategy for the lightweight authenticated encryption (AE) and hash function called Gimli, and applies it to a state-of-the-art authentication protocol. This allows the authentication protocol to be implemented efficiently, wherein the area and TP can be adjusted flexibly according to the RFID system requirements. This implementation strategy is generic; it can be used to implement any other AE and hash functions. This strategy can also be applied to other authentication protocols that heavily use AE and hash functions. To provide a detailed analysis, the hardware optimization techniques in each component of the RFID system for a state-of-the-art authentication protocol are analyzed. When implemented with the most area-optimized versions, we achieve TP of 740 Mbps and 420 Mbps for Gimli hash and Gimli AE, respectively, and for throughput-oriented implementation, the results are 3.08 Gbps and 1.43 Gbps, respectively. This shows that the proposed implementation strategies allow us to implement authentication protocols in a flexible manner to meet the differing requirements in TP and area for RFID applications.

On the Properties of Epistemic and Temporal Epistemic Logics of Authentication

The authentication properties of a security protocol are specified based on the knowledge gained by the principals that exchange messages with respect to the steps of that protocol. As there are many successful attacks on authentication protocols, different formal systems, in particular epistemic and temporal epistemic logics, have been developed for analyzing such protocols. However, such logics may fail to detect some attacks. To promote the specification and verification power of these logics, researchers may try to construct them in such a way that they preserve some properties such as soundness, completeness, being omniscience-free, or expressiveness. The aim of this paper is to provide an overview of the epistemic and temporal epistemic logics which are applied in the analysis of authentication protocols to find out how far these logical properties may affect analyzing such protocols.

ФОРМАЛИЗОВАННЫЙ АНАЛИЗ ПРОТОКОЛОВ АУТЕНТИФИКАЦИИ

ФОРМАЛИЗОВАННЫЙ АНАЛИЗ ПРОТОКОЛОВ АУТЕНТИФИКАЦИИ

One-Time Passwords: Resistance to Masquerade Attack

Authentication is one of the main tasks of information security and its development will help to apply artificial intelligence statements in practice. When computers will do a lot of tasks for humans in will be quite important to give access to the proper computer and system security will be based on the authentication protocol security. Nowadays one-time passwords are used in a lot of areas of information technologies including e-commerce. An analysis of authentication protocols based on one-time passwords and their vulnerabilities is provided. The focus of the research is on vulnerabilities remediation of Bicakci protocol. Modification of this protocol is also given. The directions of further work are concluded including software implementation of the modified protocol.

From Wireless Sensor Networks to Wireless Body Area Networks: Formal Modeling and Verification on Security Using PAT

Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the node mobility related specification for modeling location-based node activity. Then, the traditional Dolev-Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Frontier technologies of trust computing and network security

The increasing complexity of computer systems and communication networks induces tremendous requirements for trust and security. This special issue includes topics on trusted computing, risk and reputation management, network security and survivable computer systems/networks. These issues have evolved into an active and important area of research and development. The past decade has witnessed a proliferation of concurrency and computation systems for practice of highly trust, security and privacy, which has become a key subject in determining future research and development activities in many academic and industrial branches. This special issue aims to present and discuss advances of current research and development in all aspects of trusted computing and network security. In addition, this special issue provides snapshots of contemporary academia work in the field of network trusted computing. We prepared and organized this special issue to record state-of-the-art research, novel development and trends for future insight in this domain. In this special issue, 14 papers have been accepted for publication, which demonstrate novel and original work in this field. A detailed overview of the selected works is given below.

Research on the Structure of Authentication Protocol Analysis Based on MSCs/Promela

To discover the existing or possibly existing vulnerability of present authentication protocol, we proposed a structure of authentication protocol analysis, which consist of white box analysis, black box analysis and indicator system as the three main functional components. White box analysis makes use of the transformation from MSCs (Message Sequence Charts) to Promela (Process Meta Language), the input language of the remarkable model checker SPIN; black box analysis is based on the attack platform of authentication protocol analysis; indicator system is decided by deducibility restraint methods. Compared with the UML modeling methods based on Promela, the MSC2Promela methods we figured out on the context have more advantages than its disadvantages. Finally, we proposed a structure of authentication protocol analysis based on the transformation from MSC2Promela, which makes sense to the later work on the area of authentication protocol analysis.

A formal analysis of authentication protocols for mobile devices in next generation networks

SummaryNext Generation Networks comprise a wide variety of access technologies such as 2G/3G, WLAN as well as the Long‐Term Evolution (LTE) networks. In this environment, mobile devices are expected to store sensitive data and represent users to access the underlying networks and connect to a wide variety of sensitive servers. It is crucial, in this sense, for end users to trust their mobile devices and for all transactions using them to be secure. Therefore, a number of communication frameworks in Next Generation Networks have been working on designing device authentication protocols that achieve mutual authentication between users and mobile terminals. This paper analyses some of these protocols and introduces two new device authentication protocols, verifies them using formal methods approach and discusses how they achieved desired security proprieties. The performance analysis highlights another advantage of the proposed protocols. Copyright © 2014 John Wiley & Sons, Ltd.

Fairness analysis of e-commerce protocols based on strand spaces

Strand space logic is a formal method for analysing the security protocol. The electronic commerce protocols are of more complex structures, for example, branch structures, or a protocol is composite of multiple sub-protocols, so the analysis of electronic commerce protocols is far more complex than the analysis of authentication protocols. Fairness is a very important feature in e-commerce protocol. But traditional belief logic is not suitable for this. In this paper, we analyse the strand and bundle of ISI payment protocol and then prove its unfairness. We also present a strand node path method to analyse ASW protocol, which consists of multiple sub-protocols with branch structure, and the strand space analysis shows that this protocol is fair.

Tags for Multi-Protocol Authentication

Formal methods have been proved successful in analyzing different kinds of security protocols. They typically formalize and study the security guarantees provided by cryptographic protocols, when executed by a (possibly unbounded) number of different participants. A key problem in applying formal methods to cryptographic protocols, is the study of multi-protocol systems, where different protocols are concurrently executed. This scenario is particularly interesting in a global computing setting, where several different security services coexist and are possibly combined together. In this paper, we discuss how the tagging mechanism presented in [M. Bugliesi, R. Focardi, and M. Maffei. Compositional analysis of authentication protocols. In Proceedings of European Symposium on Programming (ESOP 2004), volume 2986 of Lecture Notes in Computer Science, pages 140–154. Springer-Verlag, 2004, M. Bugliesi, R.Focardi, and M.Maffei. A theory of types and effects for authentication. In ACM Proceedings of Formal Methods for Security Engineering: from Theory to Practice (FMSE 2004), pages 1–12. ACM Press, October 2004] addresses this issue.

Authentication by correspondence

Correspondence properties capture authentication only indirectly. We trace the origin of correspondence in the analysis of authentication protocols and investigate to what extent correspondence actually corresponds to the various flavors of authentication.

Towards a Strand Semantics for Authentication Logic

The logic BAN was developed in the late eighties to reason about authenticated key establishment protocols. It uncovered many flaws and properties of protocols, thus generating lots of attention in protocol analysis. BAN itself was also subject of much attention, and work was done examining its properties and limitations, developing extensions and alternatives, and giving it a semantics.More recently, the strand space approach was developed. This approach gave a graph theoretic characterization of the causally possible interactions between local histories (strands) along with a term algebra to express sent and received messages. This model was designed and has been used by its authors for direct application to authentication protocol analysis. However, it has also quickly attracted the attention of many other researchers in the field as useful in connection to related work, such as model checking approaches.Here we discuss the idea of using strand spaces as the model of computation underlying a semantics for BAN-style expressions. This will help to integrate some of the approaches to security protocol analysis and to hopefully provide BAN logics with a clearer, more useful underlying model than they have had to date.

Verifying authentication protocols in CSP

This paper presents a general approach for analysis and verification of authentication properties using the theory of Communicating Sequential Processes (CSP). The paper aims to develop a specific theory appropriate to the analysis of authentication protocols, built on top of the general CSP semantic framework. This approach aims to combine the ability to express such protocols in a natural and precise way with the ability to reason formally about the properties they exhibit. The theory is illustrated by an examination of the Needham-Schroeder (1978) public key protocol. The protocol is first examined with respect to a single run and then more generally with respect to multiple concurrent runs.