Security

Parsing Ambiguities in Authentication and Key Establishment Protocols

Free registration required

Executive Summary

A new class of attacks against authentication and authenticated key establishment protocols is described, which the authors call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.

  • Format: PDF
  • Size: 99.6 KB