What do we mean by entity authentication?

Authors:
Dieter Gollmann
Affiliations:
Department of Computer Science, Royal Holloway, University of London, Egham, Surrey, United Kingdom
Venue:
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Year:
1996

Citing 9
Cited 5

Efficient and timely mutual authentication

ACM SIGOPS Operating Systems Review
On the formal analysis of PKCS authentication protocols

AUSCRYPT '90 Proceedings of the international conference on cryptology on Advances in cryptology
Authentication and authenticated key exchanges

Designs, Codes and Cryptography
On a limitation of BAN logic

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Using encryption for authentication in large networks of computers

Communications of the ACM
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Semantic Model for Authentication Protocols

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
On Unifying Some Cryptographic Protocol Logics

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Prudent Engineering Practice for Cryptographic Protocols

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy

From security protocols to systems security

Proceedings of the 11th international conference on Security Protocols
Specifying authentication using signal events in CSP

CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Accountable privacy

SP'04 Proceedings of the 12th international conference on Security Protocols
Evaluation technique in the spicalculus for cryptographic protocols

ISIICT'09 Proceedings of the Third international conference on Innovation and Information and Communication Technology
A Quantifier-free First-order Knowledge Logic of Authentication

Fundamenta Informaticae - SPECIAL ISSUE ON CONCURRENCY SPECIFICATION AND PROGRAMMING (CS&P 2005) Ruciane-Nide, Poland, 28-30 September 2005

Quantified Score

Hi-index	0.00

Visualization

Abstract

The design of authentication protocols has proven to be surprisingly error prone. We suggest that this is partly due to a language problem. The objectives of entity authentication are usually given in terms of human encounters while we actually implement message passing protocols. We propose various translations of the high level objectives into a language appropriate for communication protocols. In addition, protocols are often specified at too low a level of abstraction. We will argue that encryption should not be used as a general primitive as it does not capture the specific purpose for using a cryptographic function in a particular protocol.