Research Article
Security Analysis of Leap-of-Faith Protocols
559 downloads
@INPROCEEDINGS{10.1007/978-3-642-31909-9_19, author={Viet Pham and Tuomas Aura}, title={Security Analysis of Leap-of-Faith Protocols}, proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers}, proceedings_a={SECURECOMM}, year={2012}, month={10}, keywords={leap-of-faith authentication key management SSH TLS BTNS IPsec HIP decentralized system infrastructureless}, doi={10.1007/978-3-642-31909-9_19} }
- Viet Pham
Tuomas Aura
Year: 2012
Security Analysis of Leap-of-Faith Protocols
SECURECOMM
Springer
DOI: 10.1007/978-3-642-31909-9_19
Abstract
Over the Internet, cryptographically strong authentication is normally achieved with support of PKIs or pre-configured databases of bindings from identifiers to credentials (e.g., DNS to public keys). These are, however, expensive and not scalable solutions. Alternatively, Leap-of-Faith (LoF) provides authentication without additional infrastructure. It allows one endpoint to learn its peer’s identifier-to-credential binding during first time communication, then stores that binding for future authentication. One successful application of LoF is SSH server authentication, encouraging its introduction to other protocols.
Copyright © 2011–2024 ICST