Abstract
Over the Internet, cryptographically strong authentication is normally achieved with the support of PKIs or pre-configured databases of bindings from identifiers to credentials (e.g., DNS to public keys). These are, however, expensive and not scalable solutions. Alternatively, Leap-of-Faith (LoF) provides authentication without additional infrastructure. It allows one endpoint to learn its peer’s identifier-to-credential binding during first-time communication and then store that binding for future authentication. One successful application of LoF is SSH server authentication, encouraging its introduction to other protocols.
In this paper we analyze the security of LoF protocols. Various aspects are discussed to show that several proposed LoF protocols have weaker security than SSH, and that their security also depends on design and implementation details. Several protocols were analyzed, including SSH, TLS, BTNS, and HIP, revealing attacks such as impersonation, man-in-the-middle attacks, and credentials flooding. Consequently, additional mechanisms and best practices are proposed to strengthen LoF applications.
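The LoF mechanism described in the abstract, as an added sketch that is not code from the paper: a store that learns an identifier-to-credential binding on first contact and checks later connections against it. The class and function names, the SHA-256 fingerprint, the sample keys and the `max_entries` bound are assumptions of this example; the bound is one possible limit on stored unauthenticated bindings, not a mechanism taken from the paper.

```python
import hashlib
import hmac
from enum import Enum


class Result(Enum):
    LEARNED = "learned"    # first contact: binding accepted on faith
    MATCH = "match"        # credential equals the stored binding
    MISMATCH = "mismatch"  # credential differs: possible impersonation or MITM
    REFUSED = "refused"    # store full: new unauthenticated binding not stored


class LoFStore:
    """Identifier-to-credential bindings learned during first communication."""

    def __init__(self, max_entries=1000):
        # Assumption of this sketch: cap the number of bindings that
        # unauthenticated first contacts can make this endpoint store.
        self.max_entries = max_entries
        self._bindings = {}

    def check(self, identifier: str, public_key: bytes) -> Result:
        # Assumes the handshake already proved possession of the private key.
        fp = hashlib.sha256(public_key).hexdigest()
        stored = self._bindings.get(identifier)
        if stored is None:
            if len(self._bindings) >= self.max_entries:
                return Result.REFUSED
            self._bindings[identifier] = fp  # the leap of faith happens here
            return Result.LEARNED
        # A mismatch never overwrites the stored binding.
        return Result.MATCH if hmac.compare_digest(stored, fp) else Result.MISMATCH


def demo():
    store = LoFStore(max_entries=2)
    server_key = b"constructed-server-public-key"  # constructed sample values
    other_key = b"constructed-other-public-key"
    return [
        store.check("host-a.example", server_key),
        store.check("host-a.example", server_key),
        store.check("host-a.example", other_key),
        store.check("host-a.example", server_key),
        store.check("host-b.example", other_key),
        store.check("host-c.example", other_key),
    ]


if __name__ == "__main__":
    print([r.value for r in demo()])
```

The first `check` for an identifier is the only unauthenticated step: whichever credential is presented then is the one every later connection is compared against.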
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Pham, V., Aura, T. (2012). Security Analysis of Leap-of-Faith Protocols. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_19
DOI: https://doi.org/10.1007/978-3-642-31909-9_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31908-2
Online ISBN: 978-3-642-31909-9
eBook Packages: Computer Science, Computer Science (R0)