Automatically Detecting Authentication Limitations in Commercial Security Protocols
Author(s): Stephen H. Brackin

Date: October 1999
Publication: 22nd National Information Systems Security Conference
Source 1: http://csrc.nist.gov/nissc/1999/proceeding/papers/p26.pdf

Abstract or Summary:
Protocol failure, which occurs when an active wiretapper can obtain confidential information or impersonate a legitimate user, without performing cryptanalysis, by blocking, replaying, or modifying messages, is a surprisingly difficult, and surprisingly common, problem. This paper describes how the Automatic Authentication Protocol Analyzer, 2nd Version (AAPA2), a fast and completely automatic tool for finding the vulnerabilities that give rise to protocol failure, reveals errors in assumptions about the authentication capabilities of two large commercial protocols.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com