Sciweavers

ACNS
2008
Springer

Analysis of EAP-GPSK Authentication Protocol

14 years 5 months ago
Analysis of EAP-GPSK Authentication Protocol
Abstract. The EAP-GPSK protocol is a lightweight, flexible authentication protocol relying on symmetric key cryptography. It is part of an ongoing IETF process to develop authentication methods for the EAP framework. We analyze the protocol and find three weaknesses: a repairable Denial-of-Service attack, an anomaly with the key derivation function used to create a short-term master session key, and a ciphersuite downgrading attack. We propose fixes to these anomalies, and use a finite-state verification tool to search for remaining problems after making these repairs. We then prove the fixed version correct using a protocol verification logic. We discussed the attacks and our suggested fixes with the authors of the specification document which has subsequently been modified to include our proposed changes.
John C. Mitchell, Arnab Roy, Paul Rowe, Andre Sced
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where ACNS
Authors John C. Mitchell, Arnab Roy, Paul Rowe, Andre Scedrov
Comments (0)