Deriving Ephemeral Authentication Using Channel Axioms

  • Dusko Pavlovic
  • Catherine Meadows
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7028)


As computing and computer networks become more and more intertwined with our daily lives, the need to develop flexible and on-the-fly methods for authenticating people and their devices to each other has become increasingly pressing. Traditional methods for providing authentication have relied on very weak assumptions about communication channels, and very strong assumptions about secrecy and the availability of trusted authorities. The resulting protocols rely on infrastructures such as shared secrets and public key hierarchies that are too rigid to support the type of flexible ad-hoc communication we are growing accustomed to and beginning to rely upon.

Recently, different families of protocols have allowed us to weaken assumptions about trusted infrastructure by strengthening the assumptions about communication channels. Examples include proximity verification protocols that rely, for example, on the round-trip time of a challenge and response, and bootstrapping protocols that rely upon human-verifiable channels, that is, low-bandwidth communication between humans. The problem now becomes: how do we ensure that the protocols achieve their security goals? A vast amount of literature exists on the formal analysis of cryptographic protocols and on the mathematical foundations of protocol correctness, but almost all of it relies upon the standard assumptions about end-to-end channels, and so its usefulness for nonstandard channels in pervasive networks is limited. In this paper, we present some initial results of an effort towards formalizing the reasoning about the security of protocols over nonstandard channels.


Mobile Node; Smart Card; Network Node; Authentication Protocol; Security Protocol
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Dusko Pavlovic (1, 2)
  • Catherine Meadows (3)

  1. Department of Computer Science, University of Oxford, UK
  2. EWI/DIES, Universiteit Twente, The Netherlands
  3. Naval Research Laboratory, Washington, DC, USA
