Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

  • Naveed Ahmed
  • Christian D. Jensen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)

Abstract

Most methods for protocol analysis classify protocols as “broken” if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity; for each fine-level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications where one may need to trade off security relaxations against resource requirements.

Keywords

Authentication Protocol; Security Model; Hybrid Process; Attack Model; Fair Exchange Protocol
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Naveed Ahmed (1)
  • Christian D. Jensen (1)
  1. Informatics and Mathematical Modelling, Technical University of Denmark, Denmark
