Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
POST
2012
2012
Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication
Abstract. We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyse the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machinechecked proofs of the correctness of the resulting protocols. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for falsification and certified verification of security standards. The relevance of our findings and recommendations has been acknowledged by the responsible ISO working group and an updated version of the standard will be released.
Real-time Traffic| Added | 25 Apr 2012 |
| Updated | 25 Apr 2012 |
| Type | Journal |
| Year | 2012 |
| Where | POST |
| Authors | David A. Basin, Cas J. F. Cremers, Simon Meier |
Comments (0)
Researcher Info
|
