Post-Session Authentication

  • Naveed Ahmed
  • Christian Damsgaard Jensen
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 374)

Abstract

Entity authentication provides confidence in the claimed identity of a peer entity, but the manner in which this goal is achieved results in different types of authentication. An important factor in this regard is the order between authentication and the execution of the associated session. In this paper, we consider the case of post-session authentication, where parties authenticate each other at the end of their interactive session. This use of authentication is different from session-less authentication (e.g., in RFID) and pre-session authentication (e.g., for access control).

Post-session authentication, although a new term, is not a new concept; it is the basis of at least a few practical schemes. We, for the first time, systematically study it and present the underlying authentication model. Further, we show that an important class of problems is solvable using post-session authentication as the only setup assumption. We hope post-session authentication can be used to devise new strategies for building trust among strangers.

Keywords

Security Analysis; Authentication Protocol; Binding Sequence; Auxiliary Input; Entity Authentication
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Naveed Ahmed (1)
  • Christian Damsgaard Jensen (1)
  1. Technical University of Denmark, Copenhagen, Denmark