Explicit Communication Revisited: Two New Attacks on Authentication Protocols

Authors:
Martín Abadi
Affiliations:
Digital Equipment Corporation, Palo Alto, CA
Venue:
IEEE Transactions on Software Engineering
Year:
1997

Citing 5
Cited 8

Applied cryptography (2nd ed.): protocols, algorithms, and source code in C

Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Prudent Engineering Practice for Cryptographic Protocols

IEEE Transactions on Software Engineering
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Robustness Principles for Public Key Protocols

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Texas A&M University anarchistic Key authorization (AKA)

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Escaping the evils of centralized control with self-certifying pathnames

Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Abstracting Cryptographic Protocols by Prolog Rules

SAS '01 Proceedings of the 8th International Symposium on Static Analysis
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Information Sciences: an International Journal
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
On the rila-mitchell security protocols for biometrics-based cardholder authentication in smartcards

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
On the rila-mitchell security protocols for biometrics-based cardholder authentication in smartcards

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part IV
Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

SSH and AKA are recent, practical protocols for secure connections over an otherwise unprotected network. This paper shows that, despite the use of public-key cryptography, SSH and AKA do not provide authentication as intended. The flaws of SSH and AKA can be viewed as the result of their disregarding a basic principle for the design of sound authentication protocols: the principle that messages should be explicit.