Title: Parsing ambiguities in authentication and key establishment protocols

Authors: Liqun Chen, Chris J. Mitchell

Addresses: Hewlett-Packard Laboratories, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, UK ' Royal Holloway, University of London, Egham, Surrey TW20 0EX, UK

Abstract: A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.

Keywords: authentication; key establishment protocols; parsing ambiguity attacks; security protocols; electronic security.

DOI: 10.1504/IJESDF.2010.032333

International Journal of Electronic Security and Digital Forensics, 2010 Vol.3 No.1, pp.82 - 94

Published online: 31 Mar 2010 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article