TitleEnvironmental Requirements for Authentication Protocols
Publication TypeConference Proceedings
Year of Publication2002
AuthorsCanetti, R., C. Meadows, and P. Syverson
Conference NameInternational Symposium on Software Security
VolumeSpringer-Verlag LNCS 2609
Pagination339-355
Abstract

Most work on requirements in the area of authentication protocols has concentrated on identifying requirements for the protocol without much consideration of context. Little work has concentrated on assumptions about the environment, for example, the applications that make use of authenticated keys. We will show in this paper how the interaction between a protocol and its environment can have a major effect on a protocol. Specifically we will demonstrate a number of attacks on published and/or widely used protocols that are not feasible against the protocol running in isolation (even with multiple runs) but become feasible in some application environments. We will also discuss the tradeoff between putting constraints on a protocol and putting constraints on the environment in which it operates.

Full Text

Canetti etal2002.pdf

NRL Publication Release Number

00-1221.1-2426