Man-In-The-Middle Attack against Certain Authentication Protocols Revisited: Insights into the Approach and Performances Re-Evaluation
Autor: | Miodrag J. Mihaljevic, Milica Knežević, Siniša Tomović |
---|---|
Jazyk: | angličtina |
Rok vydání: | 2020 |
Předmět: |
TheoryofComputation_COMPUTATIONBYABSTRACTDEVICES
Computer Networks and Communications Computer science HB lcsh:TK7800-8360 02 engineering and technology Man-in-the-middle attack law.invention cryptanalysis law Component (UML) man-in-the-middle attack authentication protocol 0202 electrical engineering electronic engineering information engineering Electrical and Electronic Engineering Hamming weight RFID Class (computer programming) lcsh:Electronics 020206 networking & telecommunications Hardware and Architecture Control and Systems Engineering Authentication protocol Signal Processing 020201 artificial intelligence & image processing Noise (video) Cryptanalysis Algorithm performance |
Zdroj: | Electronics Volume 9 Issue 8 Electronics, Vol 9, Iss 1296, p 1296 (2020) |
ISSN: | 2079-9292 |
DOI: | 10.3390/electronics9081296 |
Popis: | We address a class of authentication protocols called &ldquo HB&rdquo ones and the man-in-the-middle (MIM) attack, reported at the ASIACRYPT conference, called OOV-MIM (Ouafi-Overbeck-Vaudenay MIM). Analysis of the considered attack and its systematic experimental evaluation are given. It is shown that the main component of OOV-MIM, the algorithm for measuring the Hamming weight of noise vectors, outputs incorrect results as a consequence of the employed approximation of the probability distributions. The analysis reveals that, practically, the only scenario in which the OOV-MIM attack is effective is the one in which two incorrect estimations produced by the algorithm for measuring the Hamming weight, when coupled, give the correct result. This paper provides additional insights into the OOV-MIM and corrected claims about the performance/complexity showing that the performances of the considered attack have been overestimated, i.e., that the complexity of the attack has been underestimated. Particularly, the analysis points out the reasons for the incorrect claims and to the components of the attack that do not work as expected. |
Databáze: | OpenAIRE |
Externí odkaz: |