Lowe, G. A Family of Attacks upon Authentication Protocols. Technical Report 1997.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....we suppose, without loss of generality, that the cryptosystem used is symmetric, that is the relative decryption key k Gamma1 of an encryption key k, is the key k itself. 3 A Running Example: the Denning Sacco Protocol In this section we describe the Denning Sacco protocol as described in [17]. It will be referred later in the paper. The Denning Sacco is a conventional key authentication protocol which involves two agents, A and B, and an authentication server, S. Its aim is to establish a session key K ab that will be used by the agents as secure encryption key in successively ....

G. Lowe. A Family of Attacks upon Authentication Protocols. Technical Report

....attacker can replay the message ( 3) after the ending of session , obtaining the same e ect. As a consequence of this attack, the attacker is able to trick the server B into thinking that the client A has accomplished two protocol executions. This attack belongs to a family of attacks that Lowe [9] denominates multiplicity attacks . In general, this kind of attacks causes a principal Y to think that another principal X is attempting to set up two or more simultaneous sessions with it, when in fact X is trying to establish only one session. These attacks may lead to serious consequences ....

G. Lowe. A Family of Attacks upon Authentication Protocols. Technical report, University of Leicester, 1997.

....the timestamp) to complete a second run; note that this attack assumes that the agents do not check that the timestamps they receive are distinct from all previous timestamps; Bellovin and Merritt report [1] that early implementations did not perform this check. Similar attacks are described in [13]. 2.5 Recentness Finally, we lift the above definitions to ensure recentness. The meaning of recent will depend on the circumstances: sometimes we will take it to mean within the duration of A s run; sometimes we will take it to mean at most t time units before A completed his run, for ....

G. Lowe. A family of attacks upon authentication protocols. Technical Report 1997/5, Department of Mathematics and Computer Science, University of Leicester, 1997.

No context found.

Lowe, G. A Family of Attacks upon Authentication Protocols. Technical Report 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC