|Title||Environmental Requirements for Authentication Protocols|
|Publication Type||Conference Proceedings|
|Year of Publication||2002|
|Authors||Canetti, R., C. Meadows, and P. Syverson|
|Conference Name||International Symposium on Software Security|
|Volume||Springer-Verlag LNCS 2609|
Most work on requirements in the area of authentication protocols has concentrated on identifying requirements for the protocol without much consideration of context. Little work has concentrated on assumptions about the environment, for example, the applications that make use of authenticated keys. We will show in this paper how the interaction between a protocol and its environment can have a major effect on a protocol. Specifically we will demonstrate a number of attacks on published and/or widely used protocols that are not feasible against the protocol running in isolation (even with multiple runs) but become feasible in some application environments. We will also discuss the tradeoff between putting constraints on a protocol and putting constraints on the environment in which it operates.
|NRL Publication Release Number|| |