Abstract
As computing and computer networks become more and more intertwined with our daily lives, the need to develop flexible and on-the-fly methods for authenticating people and their devices to each other has become increasingly pressing. Traditional methods for providing authentication have relied on very weak assumptions about communication channels, and very strong assumptions about secrecy and the availability of trusted authorities. The resulting protocols rely on infrastructures such as shared secrets and public key hierarchies that are too rigid to support the type of flexible ad-hoc communication we are growing accustomed to and beginning to rely upon.
Recently, different families of protocols have allowed us to weaken assumptions about trusted infrastructure by strengthening the assumptions about communication channels. Examples include proximity verification protocols, which rely, for example, on the round trip time of a challenge and response; and bootstrapping protocols that rely upon human-verifiable channels, that is, low-bandwidth communication between humans. The problem now becomes: How do we ensure that the protocols achieve their security goals? A vast amount of literature exists on the formal analysis of cryptographic protocols, and mathematical foundations of protocol correctness, but almost all of it relies upon the standard assumptions about end-to-end channels, and so its usefulness for nonstandard channels in pervasive networks is limited. In this paper, we present some initial results of an effort towards formalizing the reasoning about the security of protocols over nonstandard channels.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pavlovic, D., Meadows, C. (2013). Deriving Ephemeral Authentication Using Channel Axioms. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds) Security Protocols XVII. Security Protocols 2009. Lecture Notes in Computer Science, vol 7028. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36213-2_27
DOI: https://doi.org/10.1007/978-3-642-36213-2_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36212-5
Online ISBN: 978-3-642-36213-2
eBook Packages: Computer Science (R0)