Classification of Authentication Protocols: A Practical Approach

  • DongGook Park
  • Colin Boyd
  • Ed Dawson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1975)


We propose a simple classification method for public-key based authentication protocols, which consists of identifying several basic properties leading to a large number of generic prototypes for authentication. Most published protocols can be identified as a concrete instance of one of the generic types. The classification method provides a means to clarify the similarities and differences between different concrete protocols. This facilitates avoidance of previous mistakes when designing a new protocol and allows re-use of analysis of a given abstract protocol when classifying any given concrete protocol.


Authentication Protocol; Replay Attack; Entity Authentication; Mutual Authentication Protocol; Random Nonce
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • DongGook Park (1, 2)
  • Colin Boyd (2)
  • Ed Dawson (2)

  1. Access Network Laboratory, Korea Telecom, Korea
  2. Information Security Research Centre, Queensland University of Technology, Brisbane, Queensland, Australia
