Classification of Authentication Protocols: A Practical Approach
We propose a simple classification method for public-key based authentication protocols, which consists of identifying several basic properties leading to a large number of generic prototypes for authentication. Most published protocols can be identified as a concrete instance of one of the generic types. The classification method provides a means to clarify the similarities and differences between different concrete protocols. This facilitates avoidance of previous mistakes when designing a new protocol and allows re-use of analysis of a given abstract protocol when classifying any given concrete protocol.
Keywords: Authentication Protocol, Replay Attack, Entity Authentication, Mutual Authentication Protocol, Random Nonce