A security risk of depending on synchronized clocks

Authors:
Li Gong
Affiliations:
-
Venue:
ACM SIGOPS Operating Systems Review
Year:
1992

Citing 10
Cited 35

Synchronizing clocks in the presence of faults

Journal of the ACM (JACM)
Integrating security in a large distributed system

ACM Transactions on Computer Systems (TOCS)
Reducing risks from poorly chosen keys

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Inside risks: the clock grows at midnight

Communications of the ACM
Practical uses of synchronized clocks in distributed systems

PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Security Mechanisms in High-Level Network Protocols

ACM Computing Surveys (CSUR)
Timestamps in key distribution protocols

Communications of the ACM
Time, clocks, and the ordering of events in a distributed system

Communications of the ACM
Using encryption for authentication in large networks of computers

Communications of the ACM
Limitations of the Kerberos authentication system

ACM SIGCOMM Computer Communication Review

A nonce-based protocol for multiple authentications

ACM SIGOPS Operating Systems Review
A note on the use of timestamps as nonces

ACM SIGOPS Operating Systems Review
Authentication in distributed systems: a bibliography

ACM SIGOPS Operating Systems Review
Lower bounds on messages and rounds for network authentication protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Optimality of multi-domain protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A security architecture for fault-tolerant systems

ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
An efficient and secure authentication protocol using uncertified keys

ACM SIGOPS Operating Systems Review
Prudent Engineering Practice for Cryptographic Protocols

IEEE Transactions on Software Engineering
New design concepts for an intelligent Internet

Communications of the ACM
Security in active networks

Secure Internet programming
Practical byzantine fault tolerance and proactive recovery

ACM Transactions on Computer Systems (TOCS)
Lessons Learned in Implementing and Deploying Crypto Software

Proceedings of the 11th USENIX Security Symposium
Thwarting Timing Attacks Using ATM Networks

Revised Papers from the 9th International Workshop on Security Protocols
ID-based password authentication scheme using smart cards and fingerprints

ACM SIGOPS Operating Systems Review
ENDL: A Logical Framework for Verifying Secure Transaction Protocols

Knowledge and Information Systems
Efficient network authentication protocols: lower bounds and optimal implementations

Distributed Computing
Proactive recovery in a Byzantine-fault-tolerant system

OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Offline delegation

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Kerberos security with clocks adrift

SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
A Security Enhanced Timestamp-Based Password Authentication Scheme Using Smart Cards

IEICE - Transactions on Information and Systems
Security Analysis of Standard Authentication and Key Agreement Protocols Utilising Timestamps

AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Nonce Generators and the Nonce Reset Problem

ISC '09 Proceedings of the 12th International Conference on Information Security
An efficient biometrics-based remote user authentication scheme using smart cards

Journal of Network and Computer Applications
An efficient remote user authentication scheme secure against the off-line password guessing attack by power analysis

ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 2
Two attacks on Neuman-Stubblebine authentication protocols

Information Processing Letters
Timed calculus of cryptographic communication

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Secure transaction protocol analysis: models and applications

Secure transaction protocol analysis: models and applications
Two robust remote user authentication protocols using smart cards

Journal of Systems and Software
Provably secure and efficient authentication techniques for the global mobility network

Journal of Systems and Software
Two efficient and secure authentication schemes using smart cards

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
A new dynamic ID-Based remote user authentication scheme with forward secrecy

APWeb'12 Proceedings of the 14th international conference on Web Technologies and Applications
A timestamp model for determining real-time communications in intelligent networks

Computer Communications
An enhanced biometrics-based remote user authentication scheme using mobile devices

International Journal of Computational Intelligence Studies
Comments on an advanced dynamic ID-Based authentication scheme for cloud computing

WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Cryptanalysis of a remote user authentication scheme for mobile client-server environment based on ECC

Information Fusion

Quantified Score

Hi-index	0.02

Visualization

Abstract

Many algorithms or protocols, in particular cryptographic protocols such as authentication protocols, use synchronized clocks and depend on them for correctness. This note describes a scenario where a clock synchronization failure renders a protocol vulnerable to an attack even after the faulty clock has been resynchronized. The attack exploits a postdated message by first suppressing it and replaying it later.