Abstract
The purpose of this note is to describe a useful lesson we learned on authentication protocol design. In a recent article [9], we presented a simple authentication protocol to illustrate the concept of a trusted server. The protocol has a flaw, which was brought to our attention by Martin Abadi of DEC. In what follows, we first describe the protocol and its flaw, and how the flaw was introduced in the process of deriving the protocol from its correct full information version. We then introduce a principle, called the Principle of Full Information, and explain how its use could have prevented the protocol flaw. We believe the Principle of Full Information is a useful authentication protocol design principle, and advocate its use. Lastly, we present several heuristics for simplifying full information protocols and illustrate their application to a mutual authentication protocol.
Cite
Woo, T. Y. C., & Lam, S. S. (1994). A lesson on authentication protocol design. ACM SIGOPS Operating Systems Review, 28(3), 24–37. https://doi.org/10.1145/182110.182113