Demarcation of Security in Authentication Protocols

Naveed Ahmed, Christian D. Jensen

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    Abstract

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other authentication goals, the correctness requirements, can be derived from the binding sequence.
    Original languageEnglish
    Title of host publication2011 First SysSec Workshop (SysSec)
    PublisherIEEE
    Publication date2011
    Pages43-50
    ISBN (Print)978-1-4577-1528-0
    DOIs
    Publication statusPublished - 2011
    Event1st SysSec Workshop - Amsterdam , Netherlands
    Duration: 6 Jul 20116 Jul 2011
    Conference number: 1

    Conference

    Conference1st SysSec Workshop
    Number1
    Country/TerritoryNetherlands
    CityAmsterdam
    Period06/07/201106/07/2011

    Fingerprint

    Dive into the research topics of 'Demarcation of Security in Authentication Protocols'. Together they form a unique fingerprint.

    Cite this