Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Using encryption for authentication in large networks of computers
Communications of the ACM
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Attacking the IPsec Standards in Encryption-only Configurations
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Provably repairing the ISO/IEC 9798 standard for entity authentication
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Provably repairing the ISO/IEC 9798 standard for entity authentication
Journal of Computer Security - Security and Trust Principles
| Hi-index | 0.00 |
A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.