On strengthening authentication protocols to foil cryptanalysis

  • Wenbo Mao
  • Colin Boyd
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


Cryptographic protocols have usually been designed at an abstract level without concern for the cryptographic algorithms used in implementation. In this paper it is shown that the abstract protocol definition can have an important effect on the ability of an attacker to mount a successful attack on an implementation. In particular, the abstract definition determines whether an adversary is able to generate corresponding pairs of plaintext and ciphertext to use as a lever in compromising secret keys. The ideas are illustrated by analysis of two well-known authentication systems which have been used in practice: Kerberos and KryptoKnight. It is shown that in the Kerberos protocol an adversary can acquire at will an unlimited number of known plaintext-ciphertext pairs. Similarly, an adversary in the KryptoKnight system can acquire an unlimited number of data pairs which, by a less direct means, can be seen to be cryptanalytically equivalent to known plaintext-ciphertext pairs. We propose new protocols, using key derivation techniques, which achieve the same end goals as these others without this undesirable feature.
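The Kerberos point in the abstract, as an added illustration that is not code from the paper: an authentication server in the style of Kerberos v5 (RFC 1510) without pre-authentication answers a request naming any principal with a reply enciphered under that principal's long-term key, and the encrypted part echoes the requester's own nonce and the server name, so an attacker who merely sends requests collects known-plaintext pairs under one fixed key. The second variant enciphers each reply under a one-time key derived from the long-term key and a fresh salt; that is an assumed form of the key derivation remedy the abstract names, not the authors' protocol. The cipher (an HMAC-SHA256 keystream standing in for a block cipher), the message layout, the principal names, the password and the derivation function are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

SK_LEN = 16     # session key length inside the reply (assumed)
NONCE_LEN = 8   # requester's nonce length (assumed)


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for the block cipher (DES in
    the paper's setting) whose cryptanalysis known-plaintext pairs feed."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(data, keystream(key, iv, len(data))))


decrypt = encrypt  # XOR stream cipher: the same operation in both directions


def derive(long_term_key: bytes, salt: bytes) -> bytes:
    """Assumed one-way derivation of a one-time key (remedied variant)."""
    return hmac.new(long_term_key, b"kdf" + salt, hashlib.sha256).digest()


class KDC:
    def __init__(self, long_term_keys: dict):
        self.keys = long_term_keys  # in Kerberos these are password-derived

    @staticmethod
    def enc_part(session_key: bytes, nonce: bytes, server: str) -> bytes:
        # Loosely modelled on EncKDCRepPart: fresh session key, the
        # requester's nonce echoed back, the server name.  Everything after
        # the session key is known to, indeed chosen by, the requester.
        return session_key + nonce + server.encode()

    def as_rep_kerberos(self, client: str, server: str, nonce: bytes):
        """No pre-authentication: anyone may ask for any client and gets the
        enc-part enciphered directly under that client's long-term key."""
        iv = secrets.token_bytes(8)
        body = self.enc_part(secrets.token_bytes(SK_LEN), nonce, server)
        return iv, encrypt(self.keys[client], iv, body)

    def as_rep_derived(self, client: str, server: str, nonce: bytes):
        """Remedied variant (assumed form): enc-part under a one-time key
        derived from the long-term key and a fresh salt, so no two replies
        are ever enciphered under the same key."""
        salt, iv = secrets.token_bytes(16), secrets.token_bytes(8)
        body = self.enc_part(secrets.token_bytes(SK_LEN), nonce, server)
        return salt, iv, encrypt(derive(self.keys[client], salt), iv, body)


def harvest(kdc: KDC, victim: str, count: int, derived: bool) -> list:
    """Attacker: send `count` requests naming `victim`; for each reply record
    the plaintext bytes it knows (nonce + server name), the matching
    ciphertext, and a label for the key the reply was enciphered under."""
    server = "krbtgt/EXAMPLE.ORG"  # assumed realm
    pairs = []
    for _ in range(count):
        nonce = secrets.token_bytes(NONCE_LEN)
        if derived:
            salt, iv, ct = kdc.as_rep_derived(victim, server, nonce)
            label = ("derived", victim, salt)
        else:
            iv, ct = kdc.as_rep_kerberos(victim, server, nonce)
            salt, label = None, ("long-term", victim)
        pairs.append({"key": label, "salt": salt, "iv": iv, "offset": SK_LEN,
                      "known": nonce + server.encode(), "ct": ct})
    return pairs


def pairs_per_key(pairs: list) -> int:
    """Largest number of pairs sharing one key: what decides whether a
    statistical attack on the cipher (differential, linear) has material."""
    return max(Counter(p["key"] for p in pairs).values())


def confirms_key(candidate: bytes, pair: dict) -> bool:
    """The lever: one known-plaintext pair lets a candidate long-term key be
    tested offline (exhaustive and dictionary search both rest on this).  A
    public salt does not remove the test; it only spreads pairs over keys."""
    key = candidate if pair["salt"] is None else derive(candidate, pair["salt"])
    pt = decrypt(key, pair["iv"], pair["ct"])
    return pt[pair["offset"]:pair["offset"] + len(pair["known"])] == pair["known"]


ALICE_KEY = hashlib.sha256(b"constructed password for alice").digest()  # constructed
EXAMPLE_KDC = KDC({"alice": ALICE_KEY})

if __name__ == "__main__":
    plain = harvest(EXAMPLE_KDC, "alice", 50, derived=False)
    remedied = harvest(EXAMPLE_KDC, "alice", 50, derived=True)
    print("Kerberos-style exchange, pairs under one key:", pairs_per_key(plain))
    print("derived-key exchange,    pairs under one key:", pairs_per_key(remedied))
    print("candidate key confirmed from one pair:", confirms_key(ALICE_KEY, plain[0]))
```

Run stand-alone, the Kerberos-style exchange yields all 50 pairs under alice's long-term key, while the derived-key exchange yields at most one pair per key. The `confirms_key` check makes the caveat explicit: with a public salt, a single pair still lets a candidate long-term key be tested offline, so derivation of this kind does not rescue a weak password-derived key from guessing; what it denies the attacker is the corpus of pairs under one key that statistical cryptanalysis of the cipher requires.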





Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Wenbo Mao (1)
  • Colin Boyd (1)
  1. Communications Research Laboratory, Department of Electrical Engineering, University of Manchester, Manchester, UK
