D. Gollmann. What do we mean by entity authentication? In 1995.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....hash of Order Description and Purchase Amount, and the Payment Gateway can compare them. 7. IRRELEVANT PROPERTIES Beside what failed and what succeeded, there are also other properties that are customarily proved for authentication protocols. For instance one can scan Lowe s [10] or Gollmann s [6] classification and check what is verifiable. This is a tricky question because we eliminated fields that are immaterial to the main goals of the protocol but that may be essential for other security properties. For instance we have eliminated request response identifiers which are recommended by ....

D. Gollmann. What do we mean by entity authentication? In Proc. of the 15th IEEE Sym. on Sec. and Privacy, pages 46--54. IEEE Comp. Society Press, 1996.

....language equipped with abstract forms of cryptographic primitives. We expect it would not be difficult to adapt the techniques of this paper to other concurrent languages. There is a variety of different formulations of authenticity properties of protocols, and even a little controversy [6, 15, 26, 12]. Still, we adopt correspondence assertions because they are simple, precise, and flexible. They are simple annotations of a protocol expressed as a program. They have a precise semantics. They are flexible in the sense that by annotating a protocol in different ways we can express different ....

D. Gollmann. What do we mean by entity authentication? In 1995.

....do not vary with the introduction of message reception or of smart cards into the model. 4. 6 Authentication Despite the fact that agent authentication is the main, claimed goal of many security protocols, there exists significant potential for confusion about the interpretation of this term [43]. A taxonomy due to Lowe may elucidate the matter identifying four levels of authentication. Let us suppose that an initiator A completes a protocol session with a responder B. 1. Aliveness of B signifies that B has been running the protocol. 2. Weak agreement of B with A signifies that B has ....

D. Gollmann. What do we mean by Entity Authentication? In Proceedings of the 15th IEEE Symposium on Security and Privacy, pages 46--54. IEEE Computer Society Press, 1996.

....not however as popular as it once was, mainly because several researchers have now given guidelines aimed at constructing protocols that are free from attacks by design. What do we Mean by Entity Authentication Gollmann raised the question in the title of this section in the homonymous paper [Go196] The notion of entity authentication had bccn used liberally, often abused, in the security literature (we gave one of the many definitions in Section 4.2) Gollmann s paper discusses various meanings attributed to this phrase, and crystallizes some of these definitions in the context they ought ....

Dieter Gollmann. What do we mean by entity authentication? In Proceedings of the IEEE Symposium on Security and Privacy, pages 46 54. IEEE CS Press, May 1996.

....messages and to perform encryptions as well as decryptions. We formally show that the approach realises the notion of hardest attackers [31] developed for firewall security in Mobile Ambients. We then address a form of authenticity by statically verifying the origin and destination of messages [18]. More specifically, we verify whether a message encrypted by A and intended for B does indeed come from A and reaches B only. This suffices for dealing with authenticity problems in the protocols mentioned above, in particular with our run1 ning example, the Wide Mouthed Frog protocol. Because of ....

D. Gollmann. What do we mean by Entity Authentication. In Proc. Symposium on Security and Privacy, pp. 46--54. IEEE Computer Society Press, 1996.

....are fully encapsulated by the operations, i.e. an attribute of a class can be read and updated only by the class operations. 2. 4 Security critical message exchange with sequence diagrams The importance of the underlying physical layer for the security of protocols has been exempli ed e.g. in [Gol96] Thus one should investigate the way security mechanisms (such as protocols) are employed in the system context [Aba00] which in practice o ers more vulnerabilities than the mechanisms themselves [And01] Also one sometimes has to adjust protocols to speci c situations, e.g. for ....

D. Gollmann. What do we mean by entity authentication ? In IEEE Symposium on Security and Privacy, 1996.

....not however as popular as it once was, mainly because several researchers have now given guidelines aimed at constructing protocols that are free from attacks by design. What do we Mean by Entity Authentication Gollmann raised the question in the title of this section in the homonymous paper [Gol96] The notion of entity authentication had been used liberally, often abused, in the security literature (we gave one of the many de nitions in Section 4.2) Gollmann s paper discusses various meanings attributed to this phrase, and crystallizes some of these de nitions in the context they ought ....

Dieter Gollmann. What do we mean by entity authentication? In Proceedings of the IEEE Symposium on Security and Privacy, pages 46-54. IEEE CS Press, May 1996.

....language equipped with abstract forms of cryptographic primitives. We expect it would not be difficult to adapt the techniques of this paper to other concurrent languages. There is a variety of different formulations of authenticity properties of protocols, and even a little controversy [BR94, Gol95, Low95, DFG00]. Still, we adopt correspondence assertions because they are simple, precise, and flexible. They are simple annotations of a protocol expressed as a program. They have a precise semantics. They are flexible in the sense that by annotating a protocol in different ways we can express different ....

D. Gollmann. What do we mean by entity authentication? In 1995 IEEE Computer Society Symposium on Research in Security and Privacy, 1995.

....we introduce our notation for cryptographic protocols, which we will also use to specify correctness properties. We will be making use of the popular Alice and Bob specification style. This has been criticized as confusing the description of what should happen with what actually does happen [8]. But in this case, a description of what does happen that can be made to correspond to a description of what should happen is exactly what we want, so much so that we are led to a formal definition of what we will call annotated Alice and Bob specifications. Definition 1 An Alice and Bob ....

Dieter Gollmann. What do we mean by entity authentication? In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, pages 46--54. IEEE Computer Society Press, 1996.

....what authentication should be, under a closer scrutiny one realizes that it is a very slippery security property. As a matter of fact, formal de nitions of authentication have rarely been given, not widely agreed upon, usually not compared and only recently proposed in the literature (see, e.g. [4, 12, 14, 22]) This is sometimes due to the fact that we rst need a formal model on which the problem is de ned (and this is often a source of possible proliferation of di erent proposals) and then a formal de nition w.r.t. the chosen model. Moreover, even when a formal de nition is given, usually this ....

D. Gollmann. What do we mean by entity authentication? In Proc. of Symposium in Research in Security and Privacy, pages 46-54. IEEE Press, 1996.

....of RSA; the design of version 2 was more or less topdown [34] Therefore, a top down approach, on its own, is probably unrealistic. With this caveat, a top down approach can serve as a guide. In particular, it helps in addressing common confusions about security protocols and their goals (e.g. [16]) These confusions often enable attacks (scenarios that violate some of the expected security properties of a protocol) Although some attacks reveal serious flaws in protocols, many alleged attacks are merely the annoying result of poor protocol specifications, or of poor understandings of ....

Dieter Gollmann. What do we mean by entity authentication? In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 46--54, May 1996.

....and availability. Some objectives contradict others. For example, some protocols aim to guarantee anonymity rather than authenticity, or plausible deniability [63] rather than non repudiation. Moreover, many definitions have been proposed even for such basic concepts as authenticity (e.g. [13, 36, 50]) Nevertheless, there are some common themes in the treatment of protocol properties. The participants in security protocols do not operate in a closed world, but in communication with other principals. Some of those principals may be hostile, and even the participants may not be fully ....

....of communicating with A and the necessary authority for this task. However, it is still unclear how to integrate those concepts with predicates on behaviors. The next section discusses some of those concepts informally. Papers by Gollmann and Lowe also elaborate on the definition of authenticity [36, 50], in other directions. The following section, section 6, presents two definitions of secrecy. Only one of them is based on predicates on behaviors. 5 Two facets of authentication Authentication can serve both for assigning responsibility and for giving credit. An authenticated message M from ....

Dieter Gollmann. What do we mean by entity authentication? In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 46--54, May 1996.

....often present. This paper explains the distinction between responsibility and credit, through several examples, and discusses the role of this distinction in the design and analysis of protocols. Papers by Gollman, Lowe, and others have shed light on several possible definitions of authentication [Gol96, Low97]. This paper does not attempt to review those studies, but aims to complement them. The two facets of authentication are most clearly separate in protocols that rely on asymmetric cryptosystems, such as the RSA cryptosystem [RSA78] We therefore take public key protocols as examples. Although our ....

Dieter Gollman. What do we mean by entity authentication? In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 46--54, May 1996.

....and availability. Some objectives contradict others. For example, some protocols aim to guarantee anonymity rather than authenticity, or plausible deniability [54] rather than non repudiation. Moreover, many definitions have been proposed even for such basic concepts as authenticity (e.g. [11, 30, 42, 3]) Nevertheless, there are some common themes in the treatment of protocol properties. The participants in security protocols do not operate in a closed world, but in communication with other principals. Some of those principals may be hostile, and even the participants may not be fully ....

Dieter Gollman. What do we mean by entity authentication? In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 46--54, May 1996.

....is developed from basic cryptographic properties that can be expected to be held by a variety of cryptographic algorithms. Protocols can be developed abstractly and any particular type of algorithm that possesses the required property can then be used in a concrete implementation. Gollmann [98] suggests that the design of authentication protocols has proven to be error prone partly due to a language problem. The objectives of entity authentication are usually given in terms of human encounters while we actually implement message passing protocols. The author proposes various ....

Gollmann D., What do we mean by Entity Authentication, Proceedings of the 1996 IEEE Symposium on Security and Privacy, (1996) 46-54, IEEE Computer Society Press.

No context found.

D. Gollmann. What do we mean by entity authentication? In 1995.

No context found.

D. Gollmann. What do we mean by entity authentication. In Proc. Symposium on Research in Security and Privacy, pages 46--54. IEEE, 1996.

No context found.

D. Gollmann. What do we mean by Entity Authentication? In Proceedings of the 15th IEEE Symposium on Security and Privacy, pages 46-54. IEEE Computer Society Press, 1996.

No context found.

Gollmann, D.: What do we mean by Entity Authentication? In: Proc. IEEE Symposium on Security and Privacy 1996, IEEE Computer Society (1996)

No context found.

D. Gollmann. "What do we mean by Entity Authentication". In Proceedings of the 1996 Symposium on Security and Privacy, pages 46--54. IEEE Computer Society Press, 1996.

No context found.

D. Gollmann. "What do we mean by Entity Authentication". In Proceedings of the 1996 Symposium on Security and Privacy, pages 46--54. IEEE Computer Society Press, 1996.

No context found.

D. Gollmann, "What do we mean by entity authentication", 1994 IEEE Symposium on Research in Security and Privacy, pp.46-54.

No context found.

D. Gollmann, "What do we mean by Entity Authentication?," pp. 46--54, 1996.

No context found.

D. Gollmann. "What do we mean by Entity Authentication". In Proceedings of the 1996 Symposium on Security and Privacy, pages 46--54. IEEE Computer Society Press, 1996.

No context found.

D. Gollmann. What do we mean by entity authentication. In Proc. Symposium on Research in Security and Privacy, pages 46--54. IEEE, 1996.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC