Computer Science – Cryptography and Security
Scientific paper
2012-01-05
32 pages, 7 figures, 8 listings, 1 table
In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping high usability. Indeed, most interactive platforms currently base their security properties almost exclusively on the correct implementation and configuration of the systems. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, there is a lack of formal methodologies for the verification of security properties for interactive applications. We propose here a methodology to fill this gap, i.e., to analyse both the security of the proposed protocol and the pertinence of the underlying premises. To this end, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, these identities can be used to verify the integrity and source of information. We base our security analysis on tools for automatic verification of security protocols that are widely accepted by the scientific community, and on the principles they are based upon. In addition, perfect cryptographic primitives are assumed in order to focus the analysis on the exchange of protocol messages. The main property of our protocol is the incorporation of tickets, created using digests of chaos-based nonces (numbers used only once) and users' personal data. Combined with a multichannel authentication scheme with some previous knowledge, these tickets provide security during the whole protocol by uniquely linking each user with a single request. This way, we prevent impersonation and Man-in-the-Middle attacks, which are the main security problems in registration protocols for interactive platforms. [..]
Arroyo David
Diaz Jesus
Rodriguez Francisco B.
Formal security analysis of registration protocols for interactive systems: a methodology and a case of study