Abstract
Most methods for protocol analysis classify protocols as “broken” if they are vulnerable to attacks from a strong attacker, e.g., assuming the Dolev-Yao attacker model. In many cases, however, exploitation of existing vulnerabilities may not be practical and, moreover, not all applications may suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken down to a finer granularity; for each fine-level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications where one may need to trade off security relaxations against resource requirements.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ahmed, N., Jensen, C.D. (2011). Adaptable Authentication Model: Exploring Security with Weaker Attacker Models. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_18
DOI: https://doi.org/10.1007/978-3-642-19125-1_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19124-4
Online ISBN: 978-3-642-19125-1
eBook Packages: Computer Science, Computer Science (R0)