What do we mean by entity authentication?

23 December 2002

proceedings article
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 46-54
https://doi.org/10.1109/secpri.1996.502668

Abstract

The design of authentication protocols has proven to be surprisingly error-prone. We suggest that this is partly due to a language problem. The objectives of entity authentication are usually given in terms of human encounters while we actually implement message passing protocols. We propose various translations of the high-level objectives into a language appropriate for communication protocols. In addition, protocols are often specified at too low a level of abstraction. We argue that encryption should not be used as a general primitive as it does not capture the specific purpose for using a cryptographic function in aparticular protocol.

Keywords

This publication has 12 references indexed in Scilit:

On the formal analysis of PKCS authentication protocols
Published by Springer Nature ,2005
On unifying some cryptographic protocol logics
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
On a Limitation of BAN Logic
Published by Springer Nature ,2001
Prudent engineering practice for cryptographic protocols
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1994
Authentication and authenticated key exchanges
Designs, Codes and Cryptography, 1992
Hidden assumptions in cryptographic protocols
IEE Proceedings E Computers and Digital Techniques, 1990
Reasoning about belief in cryptographic protocols
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1990
On the formal specification and verification of a multiparty session protocol
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1990
Efficient and timely mutual authentication
ACM SIGOPS Operating Systems Review, 1987
Using encryption for authentication in large networks of computers
Communications of the ACM, 1978