Journal article

Provably repairing the ISO/IEC 9798 standard for entity authentication

Abstract:: We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard.

Publication status:: Published

Peer review status:: Peer reviewed

Actions

Email

Email this record

Send the bibliographic details of this record to your email address.

Your Email
Please enter the email address that the record information will be sent to.

-
Your message (optional)
Please add any additional information to be included within the email.
Cite

Cite this record

APA Style

Basin, D., Cremers, C., & Meier, S. (2013). Provably repairing the ISO/IEC 9798 standard for entity authentication. Journal of Computer Security, 21(06), 817–846.

MLA Style

Basin, D., et al. “Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication.” Journal of Computer Security, vol. 21, no. 06, IOS Press, 2013, pp. 817–46.

Chicago Style

Basin, D, C Cremers, and S Meier. 2013. “Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication.” Journal of Computer Security 21 (06): 817–46.
Share
Print

Access Document

Files:: Basin_et_al_2013_provably_repairing_the.pdf

(Preview, Accepted manuscript, pdf, 456.6KB, Terms of use)

Publisher copy:: 10.3233/JCS-130472

Authors

+ Basin, D More by this author

Role:: Author

+ Cremers, C More by this author

Institution:: University of Oxford
Division:: MPLS
Department:: Computer Science
Oxford college:: Kellogg College
Role:: Author

+ Meier, S More by this author

Role:: Author

Publisher:: IOS Press
Journal:: Journal of Computer Security More from this journal
Volume:: 21
Issue:: 06
Pages:: 817-846
Publication date:: 2013-12-20
DOI:: 10.3233/JCS-130472
ISSN:: 0926-227X

Language:: English
Pubs id:: pubs:453082
UUID:: uuid:8be5817c-b5e3-46d2-ae58-36ce0da82c3b
Local pid:: pubs:453082
Source identifiers:: 453082
Deposit date:: 2017-01-03

Terms of use

Copyright holder:: IOS Press
Copyright date:: 2013
Rights statement:: © IOS Press 2013.
Notes:: This is the accepted manuscript version of the article. The final publication is available at IOS Press through https://doi.org/10.3233/JCS-130472

Licence:: Terms and Conditions of Use for Oxford University Research Archive

Views and Downloads

About views and downloads

If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP