Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers

Research Article

Security Analysis of Leap-of-Faith Protocols

Download
558 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-642-31909-9_19,
    author={Viet Pham and Tuomas Aura},
    title={Security Analysis of Leap-of-Faith Protocols},
    proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers},
    proceedings_a={SECURECOMM},
    year={2012},
    month={10},
    keywords={leap-of-faith authentication key management SSH TLS BTNS IPsec HIP decentralized system infrastructureless},
    doi={10.1007/978-3-642-31909-9_19}
}
  • Viet Pham
    Tuomas Aura
    Year: 2012
    Security Analysis of Leap-of-Faith Protocols
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-31909-9_19
Viet Pham1,*, Tuomas Aura2,*
  • 1: Royal Holloway, University of London
  • 2: Aalto University
*Contact email: viet.pham.2010@rhul.ac.uk, tuomas.aura@aalto.fi

Abstract

Over the Internet, cryptographically strong authentication is normally achieved with support of PKIs or pre-configured databases of bindings from identifiers to credentials (e.g., DNS to public keys). These are, however, expensive and not scalable solutions. Alternatively, Leap-of-Faith (LoF) provides authentication without additional infrastructure. It allows one endpoint to learn its peer’s identifier-to-credential binding during first time communication, then stores that binding for future authentication. One successful application of LoF is SSH server authentication, encouraging its introduction to other protocols.

Keywords
leap-of-faith authentication key management SSH TLS BTNS IPsec HIP decentralized system infrastructureless
Published
2012-10-08
http://dx.doi.org/10.1007/978-3-642-31909-9_19
Copyright © 2011–2024 ICST
EAI Logo

About EAI

Community

Publish with EAI