Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Protocol Independence through Disjoint Encryption
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Abstraction and Refinement in Protocol Derivation
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Journal of Computer Security - Special issue on ACM conference on computer and communications security, 2001
A modular correctness proof of IEEE 802.11i and TLS
Proceedings of the 12th ACM conference on Computer and communications security
Injective synchronisation: an extension of the authentication hierarchy
Theoretical Computer Science - Automated reasoning for security protocol analysis
SAT-based model-checking for security protocols analysis
International Journal of Information Security
Verified implementations of the information card federated identity-management protocol
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A Correctness Proof of a Mesh Security Architecture
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Cryptographically verified implementations for TLS
Proceedings of the 15th ACM conference on Computer and communications security
Parsing ambiguities in authentication and key establishment protocols
International Journal of Electronic Security and Digital Forensics
Isabelle/HOL: a proof assistant for higher-order logic
Isabelle/HOL: a proof assistant for higher-order logic
Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Efficient construction of machine-checked symbolic protocol security proofs
Journal of Computer Security
| Hi-index | 0.00 |
We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyse the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of the correctness of the resulting protocols. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for falsification and certified verification of security standards. The relevance of our findings and recommendations has been acknowledged by the responsible ISO working group and an updated version of the standard will be released.