Replay attack is a typical breach of communication between two parties that threatens the very design of authentication
and key distribution protocols. In this paper, an authentication protocol has been proposed that provides a strong authentication
mechanism which is based on time stamping. The authentication protocol enables the sender to encrypt a message with recipient’s
identity only and users do not need certificates to bind identity with specific public key. High Level Protocol Specific Language
(HLPSL), which is based on temporal logic has been used for formal verification.
Published In:IJCSN Journal Volume 6, Issue 6
Date of Publication : December 2017
Pages : 643-651
Figures :07
Tables : --
Arun Kumar Singh : Corresponding Author:
Arun Kumar Singh received his B.Tech in
Electronics and Communication from
SRMCEM College, Lucknow, Uttar Pradesh,
India in 2005. He received his Master degree
in Information Security from Indian Institutes
of Information Technology, Allahabad, Uttar
Pradesh, India in 2008. Currently, he is completed the Ph.D.
degree in Computer Sciences and Engineering at the Motilal
Nehru National Institute of Technology (MNNIT), Uttar
Pradesh, India. His research interests include network
security, network protocol design and verification, in network
security, Cryptography and Computer Forensic fields.
Dr. Arun Kumar Misra : has forty
years of teaching experience at
Motilal Nehru National Institute of
Technology, Allahabad, India and is
presently working at S.P. Memorial
Institute of Technology, Allahabad,
India. His special field of interest
include Software Engineering,
Information Security, Soft
Computing and Optimization
Techniques.
Authentication Mechanism, Time Stamping, Public key cryptosystems, HLPSL
Authentication protocols are generally vulnerable due to
replay attacks.. The two protocols suggested by Li and
Raman have been analysed and both of them were found
to be vulnerable to replay attacks.
1. R. Needham and M. Schroeder, “Using Encryption for
Authentication in Large Networks of Computers,”
Communications of the ACM, Vol. 21, No. 12,
December 1978.
2. Junhong Li , “Design of Authentication Protocols
Preventing Replay Attacks” , College of Mathematics
and Information Science Hebei Normal University,
2009.
3. W. Diffie, M. E. Hellman, “New Directions in
Cryptography,” IEEE transactions on Information
Theory, vol. IT-11, pp. 644-654, November 1976.
4. Jeremy Brun-Nouvion Hicham Hossayni, Logical
Attacks Using RSA, Security Models Lecturer 2010.
5. Danny Dolev and Andrew C. Yao. On the security of
public-key protocols. IEEE Transactions on Information
Theory, 2(29):198–208, 1983.
6. Gavin Lowe, “An attack on the Needham-Schroeder
public key authentication protocol”, Information
Processing Letters, 56(3):131—136, November 1995.
7. L. Gong, “Verifiable-text Attacks in Cryptographic
Protocols,” Proceedings of IEEE
8. Li Gong, Variations on the Themes of Message
Freshness and Replay -or the Difficulty in Devising
Formal Methods to Analyze Cryptographic Protocols,
SRI International Computer Science Laboratory 333
Ravenswood Avenue Menlo Park, California 94025
U.S.A.
9. Amir Herzberg, “Internet Cryptography Tools”,
Computer Science Department, Bar Ilan University,
2003.
10. Arun K Singh and Arun K. Misra, Analysis of
Cryptographically Replay Attacks and Its Mitigation
Mechanism, International Conference on Information
Systems Design and Intelligent Applications-2012
(INDIA-2012)
11. Raman Kumar et. al. “An Image Based Authentication
System- Using Needham Schroeder Protocol, IJCSNS
International Journal of Computer Science and Network
Security, VOL.10 No.11, November 2010.
12. AVISPA, Automated Validation of Internet Security
Protocols and Applications, http://www.avispaproject.
org/.
13. Courtois, N. & Meier, W., Algebraic attacks on stream
cipher with linear feedback, in E. Biham, ed., ‘Advances
in Cryptology - Eurocrypt 2003’, Vol. 2656 of Lecture
Notes in Computer Science, Springer.
14. David Ahmad “Attack Trends :Two Years of Broken
Crypto”, Published by the IEEE Computer Society, IEEE
Security & Privacy, 2008.
15. Fahime Javdan Kherad, Hamid R. Naji, Mohammad V.
Malakooti and Payman Haghighat, A New Symmetric
Cryptography Algorithm to Secure E-Commerce
Transactions, 2010 International Conference on
Financial Theory and Engineering, Department of
Computer Engineering, IAU Dubai, U.A.E.
16. A. Fiat, “Batch RSA”, Journal of Cryptology, (1997)10:
page 75-88.
17. Dan Boneh, “Fast Variants of RSA”, CryptoBytes, Vol.
5, No. 1, pp. 1-9, 2002.
18. Danny Dolev and Andrew C. Yao. On the security of
public-key protocols. IEEE Transactions on Information
Theory, 2(29):198–208, 1983.
19. Eli Biham Orr, Dunkelman, National, Differential
Cryptanalysis in Stream Ciphers, eprint-2007.
20. Joris Claessens, Valentin Dem, Danny De Cock, Bart
Preneel and Joos Vandewalle” On the Security of
Today’s Online Electronic Banking Systems” Elsevier,
Computers & Security, Vol 21, No 3, pp 257-269, 2002
21. L. Gong, “Verifiable-text Attacks in Cryptographic
Protocols,” Proceedings of IEEE
22. Li Gong, Variations on the Themes of Message
Freshness and Replay -or the Difficulty in Devising
Formal Methods to Analyze Cryptographic Protocols,
SRI International Computer Science Laboratory 333 Ravenswood Avenue Menlo Park, California 94025
U.S.A.
23. M.H. Sherif, A. Serhrouchni, A. Y. Gaid and F.
Farazmandnia, “SET and SSL: Electronic payments on
the Internet”, IEEE, 1998.
24. Matt Blumenthal, “Encryption: Strengths and
Weaknesses of Public-key Cryptography”¸ Department of
Computing Sciences Villanova University, Villanova,
PA 19085 CSC 3990 – Computing Research Topics,
1999.
25. Stefek Zaba, “Cryptographic Security in the Internet
Protocol Suite: Practice and Proposals”, Elsevier
Information Security Technical Report, Vol. 2, No. 2
(1997) 54-73.
26. W. Diffie, M. E. Hellman, “New Directions in
Cryptography,” IEEE transactions on Information
Theory, vol. IT-11, pp. 644-654, November 1976.
27. W. Küchlin, “Public key encryption”, ACM SIGSAM
Bulletin Volume 21 Issue 3, Aug. 1987 Pages 69-73.
28. Wang Yanhua Yang Kuihe Zhang Yun, “Research and
Realization of Security Proxy Based on SSL Protocol”
The Eighth International Conference on Electronic
Measurement and Instruments ICEMI’2007.
29. Xianxian Li, Jun Han, Zhaohao Sun, " Design Principles
and Security of Authentication Protocols with Trusted
Third Party" AUG 2004 - Who Are You?
30. Yuping Deng, Xiaowei Guo, and Xiamu Niu , “A New
Design Scheme of Role-Based Access Control Based on
PKI Yuping Deng, Xiaowei Guo, and Xiamu Niu” ,
Proceedings of the First International Conference on
Innovative Computing, Information and Control
(ICICIC'06), 2006 IEEE.
31. Zhikao Ren, Minghua Liu, Chen Ye and Chuansheng
Wang, “A Scheme of E-Commerce Security based on
ECC & SSL Protocol”, 2009 IEEE.