'Uniwersytetu Marii Curie-Sklodowskiej w Lublinie'
Doi
Abstract
In the article we show an attack on the cryptographic protocol of electronic auction withextended requirements [1]. The found attack consists of authentication breach and secret retrieval.It is a kind of “man in the middle attack”. The intruder impersonates an agent and learns somesecret information. We have discovered this flaw using OFMC an automatic tool of cryptographicprotocol verification. After a description of this attack, we propose a new version of the e-auctionprotocol. We also check with OFMC the secrecy for the new protocol and give an informal proofof the other properties that this new e-auction protocol has to guarantee