Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6542)

Abstract

Most methods for protocol analysis classify protocols as “broken” if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity; for each fine-level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications where one may need to trade off security relaxations against resource requirements.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ahmed, N., Jensen, C.D. (2011). Adaptable Authentication Model: Exploring Security with Weaker Attacker Models. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_18

  • DOI: https://doi.org/10.1007/978-3-642-19125-1_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19124-4

  • Online ISBN: 978-3-642-19125-1

  • eBook Packages: Computer Science, Computer Science (R0)
