Applying authentication tests to discover Man-In-The-Middle attack in security protocols

Author

Muhammad, Shahabuddin

Author_Institution

Coll. of Comput. Eng. & Sci., Prince Mohammad Bin Fahd Univ., AlKhobar, Saudi Arabia

fYear

2013

fDate

10-12 Sept. 2013

Firstpage

35

Lastpage

40

Abstract

Authentication protocols ensure that participants in a distributed environment verify their identities before sending sensitive information to each other. If an authentication protocol has a design flaw, it may fail to reveal the true identities of distributed participants. To verify that an authentication protocol achieves its objectives, we have developed Authentication Tests based on Distributed Temporal Protocol Logic (DTPL). In this paper, we propose a generic strategy to analyze authentication protocols based on these Authentication Tests. We demonstrate the ease with which our proposed strategy can be used by applying these tests on famous Needham-Shroeder Public Key (NSPK) authentication protocol. We also demonstrate how the inability to prove a security property can lead us to identifying Man-In-The-Middle attack on such protocols.

Keywords

cryptographic protocols; message authentication; public key cryptography; temporal logic; DTPL; NSPK authentication protocol; Needham-Shroeder public key protocol; authentication test; distributed temporal protocol logic; man-in-the-middle attack; security property; security protocol; Abstracts; Authentication; Educational institutions; Protocols; Public key;

fLanguage

English

Publisher

ieee

Conference_Titel

Digital Information Management (ICDIM), 2013 Eighth International Conference on

Conference_Location

Islamabad

Print_ISBN

978-1-4799-0613-0

Type

conf

DOI

10.1109/ICDIM.2013.6693967

Filename

6693967