14,199 research outputs found
Modeling Adversaries in a Logic for Security Protocol Analysis
Logics for security protocol analysis require the formalization of an
adversary model that specifies the capabilities of adversaries. A common model
is the Dolev-Yao model, which considers only adversaries that can compose and
replay messages, and decipher them with known keys. The Dolev-Yao model is a
useful abstraction, but it suffers from some drawbacks: it cannot handle the
adversary knowing protocol-specific information, and it cannot handle
probabilistic notions, such as the adversary attempting to guess the keys. We
show how we can analyze security protocols under different adversary models by
using a logic with a notion of algorithmic knowledge. Roughly speaking,
adversaries are assumed to use algorithms to compute their knowledge; adversary
capabilities are captured by suitable restrictions on the algorithms used. We
show how we can model the standard Dolev-Yao adversary in this setting, and how
we can capture more general capabilities including protocol-specific knowledge
and guesses.Comment: 23 pages. A preliminary version appeared in the proceedings of
FaSec'0
Recommended from our members
Selling Desire and Dissatisfaction: Why Advertising should be banned From Bhutan
Pitfalls in Ultralightweight RFID Authentication Protocol
Radio frequency identification (RFID) is one of the most promising identification schemes in the field of pervasive systems. Non-line of sight capability makes RFID systems more protuberant than its contended systems. Since the RFID systems incorporate wireless medium, so there are some allied security threats and apprehensions from malicious adversaries. In order to make the system reliable and secure, numerous researchers have proposed ultralightweight mutual authentication protocols; which involve only simple bitwise logical operations (AND, XOR & OR etc.) to provide security. In this paper, we have analyzed the security vulnerabilities of state of the art ultralightweight RFID authentication protocol: RAPP. We have proposed three attacks (two DoS and one Desynchronization) in RAPP protocol and challenged its security claims. Â Moreover, we have also highlighted some common pitfalls in ultralightweight authentication protocol designs. This will help as a sanity check, improve and longevity of ultralightweight authentication protocol designs
- …