Provably repairing the ISO/IEC 9798 standard for entity authentication

47Citations
Citations of this article
27Readers
Mendeley users who have this article in their library.

Your institution provides access to this article.

Abstract

We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard. © 2013-IOS Press.

Cite

CITATION STYLE

APA

Basin, D., Cremers, C., & Meier, S. (2013). Provably repairing the ISO/IEC 9798 standard for entity authentication. Journal of Computer Security, 21(6), 817–846. https://doi.org/10.3233/JCS-130472

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free