Burrows M., Abadi M., Needham R. A Logic of Authentication. ACM Transactions on Computer Systems 1990; 8(1) 18-36  Home/Search   Document Not in Database   Summary   Related Articles

.... a thorough study of the flaws belonging to the aforementioned general categories we propose the following more detailed taxonomy of these flaws based on the flaw pathology and the corresponding attack method: 1] Elementary protocol flaws [2] Password key guessing flaws [3] Stale message flaws [4] Parallel session flaws [5] Internal protocol flaws [6] Cryptosystem flaws. 2.1 Elementary protocol flaws In the elementary flaw category belong all flaws that occur in protocols providing minimal or no protection against adversary attacks. The flaw of the protocol proposed by [3] for ....

....protocol proposed by [3] for authentication key exchange between two communication parties belongs to this category [1] The session key is signed by A s private key before being sent to B. The flaw in this case is that a signature is used to provide message confidentiality. Similar problems [1] [4] appear in the CCITT X.509 authentication protocol [5] The cause behind the most important of them is that the messages are encrypted before being signed making it therefore possible for an adversary to masquerade as the sender by changing the initial signature with his own. 2.2 Password key ....

[Article contains additional citation context not shown here]

Burrows M., Abadi M., Needham R. A Logic of Authentication. ACM Transactions on Computer Systems 1990; 8(1) 18-36

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC