Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers

Research Article

Security Analysis of Leap-of-Faith Protocols

  • @INPROCEEDINGS{10.1007/978-3-642-31909-9_19,
        author={Viet Pham and Tuomas Aura},
        title={Security Analysis of Leap-of-Faith Protocols},
        proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={10},
        keywords={leap-of-faith authentication key management SSH TLS BTNS IPsec HIP decentralized system infrastructureless},
        doi={10.1007/978-3-642-31909-9_19}
    }
    
  • Viet Pham
    Tuomas Aura
    Year: 2012
    Security Analysis of Leap-of-Faith Protocols
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-31909-9_19
Viet Pham1,*, Tuomas Aura2,*
  • 1: Royal Holloway, University of London
  • 2: Aalto University
*Contact email: viet.pham.2010@rhul.ac.uk, tuomas.aura@aalto.fi

Abstract

Over the Internet, cryptographically strong authentication is normally achieved with the support of PKIs or pre-configured databases of bindings from identifiers to credentials (e.g., DNS to public keys). These are, however, expensive and not scalable solutions. Alternatively, Leap-of-Faith (LoF) provides authentication without additional infrastructure. It allows one endpoint to learn its peer’s identifier-to-credential binding during first-time communication and then store that binding for future authentication. One successful application of LoF is SSH server authentication, encouraging its introduction to other protocols.