
Authentication-Myths and Misconceptions

  • Conference paper
Cryptography and Computational Number Theory

Part of the book series: Progress in Computer Science and Applied Logic (PCS, volume 20)

Abstract

There is a mantra telling us that authentication is difficult. The failure to design robust authentication protocols is commonly attributed to a lack of good design strategies, and to a lack of verification tools. This paper tells the story of entity authentication arguing that clarity is more important than precision, and that formal methods sometimes even add to the confusion about the meaning of ‘authentication’. Verifying claimed identities translates into checking whether a party is alive, or into checking the identity of the party at the other end of a connection. Correspondence properties can capture both aspects, obscuring an important distinction.




Copyright information

© 2001 Springer Basel AG

About this paper

Cite this paper

Gollmann, D. (2001). Authentication-Myths and Misconceptions. In: Lam, KY., Shparlinski, I., Wang, H., Xing, C. (eds) Cryptography and Computational Number Theory. Progress in Computer Science and Applied Logic, vol 20. Birkhäuser, Basel. https://doi.org/10.1007/978-3-0348-8295-8_17


  • DOI: https://doi.org/10.1007/978-3-0348-8295-8_17

  • Publisher Name: Birkhäuser, Basel

  • Print ISBN: 978-3-0348-9507-1

  • Online ISBN: 978-3-0348-8295-8

  • eBook Packages: Springer Book Archive
