CSE 525 (Winter 2004)
Topic #3: Security Protocols
Artur Saygin
[1] "Dos and Don'ts of Client Authentication on the Web", Proceedings of the 10th USENIX Security Symposium, 2001
paper
by Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster.
Summary: This paper discusses client authentication on the web and the issues
that arise when designing an authentication scheme. It covers the following
aspects:
- Nature and constraints of authentication
- What is authentication
- Limitations of authentication
- Environment analysis
- Types of attacks on authentication protected resources
- Guidelines that should be followed when designing an authentication scheme
- Cryptography usage hints
- Handling of authenticators
- Passwords
- Design and discussion of a sample authentication scheme
- Overview of currently used web-authentication protocols
- Examples of the authentication schemes of real web resources and discussion of
their vulnerabilities
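The sample scheme the paper designs is an authenticator cookie of the form exp=t&data=s&digest=MAC_k(exp=t&data=s): the server keeps the MAC key k secret, the expiration time is covered by the MAC, and the server re-verifies the MAC on every request. The code below is an added illustration written for this page, not the authors' own code: it uses HMAC-SHA256 (the choice of MAC is an assumption, the paper leaves it open), a constructed server key, and restricts the data field to alphanumeric strings so the &-separated encoding stays unambiguous. The constant-time comparison is standard practice added here, not a step taken from the paper.

```python
import hashlib
import hmac

# Server-side MAC key. Constructed for this example; a real server would generate
# it with secrets.token_bytes(32), keep it off the client, and rotate it to revoke
# all outstanding authenticators at once.
SERVER_KEY = b"example-server-key-not-for-production"


def make_authenticator(key: bytes, username: str, expires_at: int) -> str:
    """Build the cookie value  exp=t&data=s&digest=MAC_k(exp=t&data=s)."""
    if not username.isalnum():
        raise ValueError("username must be alphanumeric so it cannot contain '&' or '='")
    payload = f"exp={expires_at}&data={username}"
    digest = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}&digest={digest}"


def verify_authenticator(key: bytes, cookie: str, now: int):
    """Return the authenticated username, or None if the cookie is malformed,
    forged, tampered with, or expired."""
    try:
        exp_part, data_part, digest_part = cookie.split("&")
        exp_key, exp_val = exp_part.split("=", 1)
        data_key, username = data_part.split("=", 1)
        digest_key, presented = digest_part.split("=", 1)
    except ValueError:
        return None
    if (exp_key, data_key, digest_key) != ("exp", "data", "digest"):
        return None
    if not exp_val.isdigit() or not username.isalnum():
        return None
    # Recompute the MAC over exactly the bytes the server would have signed,
    # so a change to either the expiration or the data invalidates the cookie.
    payload = f"exp={exp_val}&data={username}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == leaks how many leading hex digits match.
    if not hmac.compare_digest(expected, presented):
        return None
    if int(exp_val) < now:
        return None  # valid MAC, but the authenticator has expired
    return username


if __name__ == "__main__":
    cookie = make_authenticator(SERVER_KEY, "alice", 1_000_000)
    print("cookie:", cookie)
    print("valid now:", verify_authenticator(SERVER_KEY, cookie, 999_999))
    print("after expiry:", verify_authenticator(SERVER_KEY, cookie, 1_000_001))
    print("data tampered:", verify_authenticator(SERVER_KEY, cookie.replace("data=alice", "data=admin"), 999_999))
    print("expiry tampered:", verify_authenticator(SERVER_KEY, cookie.replace("exp=1000000", "exp=2000000"), 999_999))
```

Because the expiration is inside the MAC, a client cannot extend its own session by editing exp; because the key never leaves the server, an attacker who reads a cookie can replay it (the paper's point that such an authenticator should travel only over SSL when it guards anything sensitive) but cannot mint one for another user.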
[2] "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols", Proceedings of ACM CCS 2002
paper
by W. Aiello, S. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. Keromytis, and O. Reingold.
Summary: This paper presents JFK (Just Fast Keying), a key-exchange protocol
designed as a simpler, DoS-resistant improvement over IKE, the standard protocol
at the time. It discusses:
- Why JFK?
- Problems of IKE
- How JFK addresses them
- JFKi protocol
- In-depth discussion of the messages and their contents
- Protection of the responder against DoS attacks
- JFKr protocol
- Proof of security
- How JFK's approach differs from IKE's
- Overview of IKE
- Overview of IKEv2
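The responder's DoS protection in JFK rests on three ideas from the paper: the responder keeps no state after message 1, it reuses one Diffie-Hellman exponential g^r across many sessions, and message 2 carries an HMAC token computed under a responder-only key HK_R over (g^r, N_R, N_I, IP_I) that the initiator must echo in message 3. The responder does no exponentiation until that token verifies, so an attacker who cannot receive message 2 at the address it claims cannot make the responder do expensive work. The simulation below is an added example for this page, not the authors' implementation: it models only the DoS-relevant parts of JFKi (the signatures, encrypted identities, grpinfo and the real key derivation are omitted), uses toy Diffie-Hellman parameters, and the message tuples, the replay cache of accepted (N_I, N_R) pairs, and the cost counter are choices made here for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this example (not one of the
# groups JFK or IKE actually use).
P = 2**255 - 19
G = 2


def h(*parts: bytes) -> bytes:
    """Hash a sequence of fields with length framing so fields cannot run together."""
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()


def enc(x: int) -> bytes:
    return x.to_bytes(32, "big")


class Responder:
    """Stateless responder: no per-session state after message 1, a reused g^r,
    and no exponentiation until the HMAC token in message 3 verifies."""

    def __init__(self):
        self.hk_r = secrets.token_bytes(32)      # HK_R, rotated periodically in practice
        self.r = secrets.randbelow(P - 3) + 2     # exponent reused across sessions
        self.g_r = pow(G, self.r, P)
        self.accepted = set()                     # (N_I, N_R) of message 3s already processed
        self.exponentiations = 0                  # cost counter for the demonstration

    def _token(self, n_i: bytes, n_r: bytes, ip_i: bytes) -> bytes:
        # HMAC_{HK_R}(g^r, N_R, N_I, IP_I): binds the nonces to the claimed source address.
        return hmac.new(self.hk_r, h(enc(self.g_r), n_r, n_i, ip_i), hashlib.sha256).digest()

    def on_msg1(self, msg1, ip_i: bytes):
        n_i, _g_i, _id_r = msg1                   # g^i is not used yet; nothing is stored
        n_r = secrets.token_bytes(16)
        return (n_i, n_r, self.g_r, self._token(n_i, n_r, ip_i))

    def on_msg3(self, msg3, ip_i: bytes):
        n_i, n_r, g_i, g_r, token = msg3
        # Cheap, constant-cost checks come first.
        if g_r != self.g_r:
            return None                           # not our current exponential
        if not hmac.compare_digest(token, self._token(n_i, n_r, ip_i)):
            return None                           # sender never received a genuine message 2 at ip_i
        if (n_i, n_r) in self.accepted:
            return None                           # replayed message 3: do not redo the work
        if not 1 < g_i < P - 1:
            return None                           # degenerate public value
        # Only now the expensive part.
        self.accepted.add((n_i, n_r))
        self.exponentiations += 1
        shared = pow(g_i, self.r, P)
        return h(enc(shared), n_i, n_r)           # session key (simplified derivation)


class Initiator:
    def __init__(self):
        self.i = secrets.randbelow(P - 3) + 2
        self.g_i = pow(G, self.i, P)
        self.n_i = secrets.token_bytes(16)

    def msg1(self):
        return (self.n_i, self.g_i, b"R")

    def on_msg2(self, msg2):
        n_i, n_r, g_r, token = msg2
        shared = pow(g_r, self.i, P)              # the initiator pays for its exponentiation first
        key = h(enc(shared), n_i, n_r)
        return (n_i, n_r, self.g_i, g_r, token), key


def honest_run(resp: Responder, ip: bytes = b"10.0.0.1") -> bool:
    """One complete exchange; True if both sides derive the same key."""
    init = Initiator()
    msg2 = resp.on_msg1(init.msg1(), ip)
    msg3, k_i = init.on_msg2(msg2)
    return resp.on_msg3(msg3, ip) == k_i


def flood(resp: Responder, count: int) -> int:
    """Attacker sends message 3s with guessed tokens from spoofed addresses;
    returns how many exponentiations the responder performed for them."""
    before = resp.exponentiations
    for n in range(count):
        fake = (secrets.token_bytes(16), secrets.token_bytes(16), 3, resp.g_r, secrets.token_bytes(32))
        resp.on_msg3(fake, b"spoofed-" + n.to_bytes(2, "big"))
    return resp.exponentiations - before


if __name__ == "__main__":
    r = Responder()
    print("honest exchange agreed on key:", honest_run(r))
    print("exponentiations caused by 1000 forged message 3s:", flood(r, 1000))
```

Two properties worth noticing: message 1 costs the responder one HMAC and no memory, so a flood of message 1s is cheap to absorb, and a message 3 is accepted only from the address the token was issued to, so an attacker with a spoofed source address gets no further than the token check.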
Presentation: slides