Cryptology ePrint Archive: Report 2008/419

Parsing ambiguities in authentication and key establishment protocols

Liqun Chen and Chris J. Mitchell

Abstract: A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.

Category / Keywords: cryptographic protocols / parsing ambiguity attacks, authentication protocols, authenticated key establishment protocols

Date: received 30 Sep 2008

Contact author: liqun chen at hp com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20081002:021649 (All versions of this report)

Short URL: ia.cr/2008/419

Discussion forum: Show discussion | Start new discussion