UMTS Networks: Architecture, Mobility and Services
UMTS Networks: Architecture, Mobility and Services
Formal methods for cryptographic protocol analysis: emerging issues and trends
IEEE Journal on Selected Areas in Communications
Flexible and fast security solution for wireless LAN
Pervasive and Mobile Computing
Provably Secure Three-Party Authenticated Quantum Key Distribution Protocols
IEEE Transactions on Dependable and Secure Computing
Enforcing integrity of agent migration paths by distribution of trust
International Journal of Intelligent Information and Database Systems
Compositional System Security with Interface-Confined Adversaries
Electronic Notes in Theoretical Computer Science (ENTCS)
Principles, Systems and Applications of IP Telecommunications
User identity issues in mashups for learning experiences using IMS Learning Design
International Journal of Technology Enhanced Learning
Mobile electronic identity: securing payment on mobile phones
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Cyber risks to secure and private universal access
UAHCI'11 Proceedings of the 6th international conference on Universal access in human-computer interaction: design for all and eInclusion - Volume Part I
Authentication components: engineering experiences and guidelines
SP'04 Proceedings of the 12th international conference on Security Protocols
| Hi-index | 0.00 |
Deploying a new security protocol is expensive. This encourages system designers to look for ways of re-using existing infrastructure. When security protocols and components are re-used, it is critical to re-examine the security of the resulting system as a whole. For example, it has become a standard paradigm to run a legacy client authentication protocol within a secure tunnel. The commonest example of such composition is the use of HTTP authentication inside a TLS tunnel. In this paper, we describe a man-in-the-middle attack on such protocol composition. The vulnerability arises if the legacy client authentication protocol is used both in tunnelled and untunnelled forms. Even when the client authentication protocol and the tunnel protocol are both secure, composing them in the customary manner results in an insecure system. We propose a solution to this problem by using a cryptographic binding between the client authentication protocol and the tunnel protocol.