Deriving Ephemeral Authentication Using Channel Axioms

  • Conference paper
Security Protocols XVII (Security Protocols 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7028)

Abstract

As computing and computer networks become more and more intertwined with our daily lives, the need to develop flexible and on-the-fly methods for authenticating people and their devices to each other has become increasingly pressing. Traditional methods for providing authentication have relied on very weak assumptions about communication channels, and very strong assumptions about secrecy and the availability of trusted authorities. The resulting protocols rely on infrastructures such as shared secrets and public key hierarchies that are too rigid to support the type of flexible ad-hoc communication we are growing accustomed to and beginning to rely upon.

Recently, different families of protocols have allowed us to weaken assumptions about trusted infrastructure by strengthening the assumptions about communication channels. Examples include proximity verification protocols, which rely, for example, on the round trip time of a challenge and response, and bootstrapping protocols that rely upon human-verifiable channels, that is, low-bandwidth communication between humans. The problem now becomes: how do we ensure that the protocols achieve their security goals? A vast amount of literature exists on the formal analysis of cryptographic protocols and the mathematical foundations of protocol correctness, but almost all of it relies upon the standard assumptions about the channels in end-to-end, and so its usefulness for nonstandard channels in pervasive networks is limited. In this paper, we present some initial results of an effort towards formalizing the reasoning about the security of protocols over nonstandard channels.


Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pavlovic, D., Meadows, C. (2013). Deriving Ephemeral Authentication Using Channel Axioms. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds) Security Protocols XVII. Security Protocols 2009. Lecture Notes in Computer Science, vol 7028. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36213-2_27

  • DOI: https://doi.org/10.1007/978-3-642-36213-2_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36212-5

  • Online ISBN: 978-3-642-36213-2

  • eBook Packages: Computer Science, Computer Science (R0)
