In this dissertation, we design and analyze five authentication protocols that answer
to the a firmative the following fi ve questions associated with the authentication
functions in computer networks.
1. The transport protocol HTTP is intended to be lightweight. In particular,
the execution of applications on top of HTTP is intended to be relatively
inexpensive and to take full advantage of the middle boxes in the Internet. To
achieve this goal, HTTP does not provide any security guarantees, including
any authentication of a server by its clients. This situation raises the following
question. Is it possible to design a version of HTTP that is still lightweight and
yet provides some security guarantees including the authentication of servers
by their clients?
2. The authentication protocol in HTTPS, called TLS, allows a client to authenti-
cate the server with which it is communicating. Unfortunately, this protocol is
known to be vulnerable to human mistakes and Phishing attacks and Pharm-
ing attacks. Is it possible to design a version of TLS that can successfully
defend against human mistakes and Phishing attacks and Pharming attacks?
3. In both HTTP and HTTPS, a server can authenticate a client, with which
it is communicating, using a standard password protocol. However, standard
password protocols are vulnerable to the mistake of a client that uses the same
password with multiple servers and to Phishing and Pharming attacks. Is it
possible to design a password protocol that is resilient to client mistakes (of
using the same password with multiple servers) and to Phishing and Pharming
attacks?
4. Each sensor in a sensor network needs to store n - 1 symmetric keys for
secure communication if the sensor network has n sensor nodes. The storage
is constrained in the sensor network and the earlier approaches succeeded to
reduce the number of keys, but failed to achieve secure communications in the
face of eavesdropping, impersonation, and collusion. Is it possible to design
a secure keying protocol for sensor networks, which is e fficient in terms of
computation and storage?
5. Most authentication protocols, where one user authenticates a second user,
are based on the assumption that the second user has an "identity", i.e. has
a name that is (1) fi xed for a relatively long time, (2) unique, and (3) ap-
proved by a central authority. Unfortunately, the adoption of user identities
in a network does create some security holes in that network, most notably
anonymity loss, identity theft, and misplaced trust. This situation raises the
following question. Is it possible to design an authentication protocol where
the protocol users have no identities? / text
| Identifer | oai:union.ndltd.org:UTEXAS/oai:repositories.lib.utexas.edu:2152/19532 |
| Date | 22 February 2013 |
| Creators | Choi, Taehwan |
| Source Sets | University of Texas |
| Language | en_US |
| Detected Language | English |
| Format | application/pdf |
Page generated in 0.0019 seconds