Secure time information in the internet key exchange protocol

• Autorzy: Szałachowski P. , Kotulski Z.
• Języki publikacji: EN

Abstrakty

EN

Many network services and protocols can work correctly only when freshness of messages sent between participants is assured and when the protocol parties’ internal clocks are adjusted. In this paper we present a novel, secure and fast procedure which can be used to ensure data freshness and clock synchronization between two communicating parties. Next, we show how this solution can be used in other cryptographic protocols. As an example of application we apply our approach to the Internet Key Exchange (IKE) protocol family.

Słowa kluczowe

EN

key exchange protocol; IKE; cryptographic protocols

• Wydawca: Wydawnictwo UMCS
• Czasopismo: Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica
• Rocznik: 2011
• Tom: Vol. 11, no. 3
• Strony: 41--56
• Opis fizyczny: Bibliogr. 41 poz., rys.

Twórcy

autor

Szałachowski P.

• Faculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, Poland

autor

Kotulski Z.

• Faculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, Poland
• Institute of Fundamental Technological Research, Polish Academy of Sciences, Pawinskiego 5 b, 02-106 Warsaw, Poland

Bibliografia

• [1] Maughan D., Schertler M., Schneider M., Turner J., Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, November (1998).
• [2] IEEE, IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems (2008).
• [3] Barak B., Halevi S., Herzberg A., Naor D., Clock synchronization with faults and recoveries (extended abstract), Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing, Portland, Oregon, United States July 16-19 (2000): 133.
• [4] Dias J.S., Demetrio D.B., Custodio R.F., De Rolt C.R., Reliable clock synchronization for electronic documents, in: Proceedings of III IEEE Latin American Network Management Systems (2003): 550.
• [5] Mills D.L., Internet time synchronization: the Network Time Protocol, IEEE Trans. Communications COM- 39(10) (1991): 1482.
• [6] Elson J., Girod L., Estrin D., Fine-grained network time synchronization using reference broadcasts, Proceedings of the 5th symposium on Operating systems design and implementation, Boston, Massachusetts, USA, December 09-11 (2002); DOI:10.1145/1060289.1060304.
• [7] Maroti M., Kusy B., Simon G., Ledeczi A., The flooding time synchronization protocol, Proceedings of the 2nd international conference on Embedded networked sensor systems, Baltimore, MD, USA, November 03-05 (2004); DOI:10.1145/1031495.1031501.
• [8] Johannessen S., Time synchronization in a local area network, Control Systems Magazine, IEEE 24(2) (2004): 61.
• [9] Syed A. A., Heidemann J., Time Synchronization for High Latency Acoustic Networks, INFOCOM 2006. Proc. 25th IEEE International Conference on Computer Communications, April (2006): 1; DOI:10.1109/INFOCOM.2006.161.
• [10] Iwanicki K., van Steen M., Voulgaris S., Gossip-Based Clock Synchronization for Large Decentralized Systems, Springer-Verlag, Berlin Heidelberg, Lecture Notes in Computer Science 3996 (2006): 28.
• [11] Manzo M., Roosta T., Sastry S., Time synchronization attacks in sensor networks, Proceedings of the 3rd ACM Workshop on Security of Ad hoc and Sensor Networks, Alexandria, VA, USA, November 07 (2005): 107.
• [12] Ganeriwal S., Capkun S., Han Ch-Ch., Srivastava M.B., Secure time synchronization service for sensor networks, Proceedings of the 4th ACM Workshop on Wireless Security, Cologne, Germany, September 02 (2005): 97.
• [13] Li H., Chen K., Wen M., Zheng Y., A Secure Time Synchronization Protocol for Sensor Network, In: T.Washio, Z.H.Zhou, J.Z.Huang, X.Hu, J.Li, C.Xie, J.He, D.Zou, K.-C.Li, M.M.Freire (eds.) PAKDD 2007, Springer-Verlag, Berlin Heidelberg, Lecture Notes in Computer Science (LNAI) 4819 (2007): 515.
• [14] Sun K.,Ning P., Wang C., Secure and resilient clock synchronization in wireless sensor networks, IEEE J. Selected Area Comm. 24(2) (2006): 395.
• [15] Sundararaman B., Buy U., Kshemkalyan A. D., Clock synchronization for wireless sensor networks: a survey, Ad Hoc Networks 3(3) (2005): 281.
• [16] Boukerche A., Turgut D., Secure time synchronization protocols for wireless sensor networks, IEEE Wireless Communications 14(5) (2007): 64.
• [17] Gong L., Variations on the Themes of Message Freshness and Replay or, the Difficulty of Devising Formal Methods to Analyze Cryptographic Protocols, 6th IEEE Comp. Security Foundations Workshop (1993): 131.
• [18] Liang Z., Verma R. M., Complexity of Checking Freshness of Cryptographic Protocols, In: R. Sekar and A.K. Pujari, [Eds.], Proceedings of the 4th international Conference on information Systems Security (Hyderabad, India, December 16-20, 2008), Springer-Verlag, Berlin, Heidelberg, LNCS 5352 (2008): 86.
• [19] Corin R. J., Analysis models for security protocols, Ph.D. Thesis, University of Twente (2006).
• [20] Sharp R., Hansen M., Timed Traces and Strand Spaces, Proceedings of the 16th Nordic Workshop on Programming Theory (2004): 96.
• [21] Harkins D., Carrel D., The Internet Key Exchange (IKE), RFC 2409 (1998).
• [22] Kaufman C., Internet Key Exchange (IKEv2) Protocol, RFC 4306 (2005).
• [23] Orman H., The Oakley key determination protocol, RFC 2412 (1998).
• [24] Diffie W., Hellman M., New Directions in Cryptography, IEEE Transactions on Information Theory IT–22(6) (1977).
• [25] ANSI X3.106, American National Standard for Information Systems-Data Link Encryption, American National Standards Institute (1983).
• [26] Rivest R., The MD5 Message Digest Algorithm, RFC 1321 (1992).
• [27] NIST, Secure Hash Standard, FIPS 180-1, National Institue of Standards and Technology, U.S. Department of Commerce, May (1994).
• [28] Frier A., Karlton P., Kocher P., The SSL 3.0 Protocol, Netscape Communications Corp., Nov 18 (1996).
• [29] Dierks T., Allen C., The TLS Protocol Version 1.0, RFC 2246 (1999).
• [30] Kent S., IP Encapsulating Security Payload (ESP), RFC 4303 (2005).
• [31] Ashton P., Algorithms for off-line clock synchronization, Technical Report TR COSC 12/952 Department of Computer Sciences University of Canterbury, December (1995).
• [32] ISO/IEC FCD 29192-1, May (2011).
• [33] Adjih C., Clausen T., Jacquet P., Laouiti A., Muhlethaler P., Raffo D., Securing the OLSR protocol, In Proceedings of Med-Hoc-Net, Mahdia, Tunisia, June 25-27 (2003).
• [34] Lam K., Beth T., Timely Authentication in Distributed Systems, Proceedings of the Second European Symposium on Research in Computer Security, November 23-25 (1992): 293.
• [35] Goyal V., Jain A., Quisquater J.-J., Improvements to Mitchell’s Remote User Authentication Protocol, ICISC (2005): 69.
• [36] Aslan H. K., Logical analysis of AUTHMAC DH: A new protocol for authentication and key distribution, Computers & Security 23(4) (2004): 290.
• [37] Li Y., Pang J., Extending the Strand Space Method with Timestamps: Part I the Theory, Journal of Information Security 1(2) (2010): 45.
• [38] Li Y., Pang J., Extending the Strand Space Method with Timestamps: Part II Application to Kerberos V, Journal of Information Security 1(2) (2010): 56.
• [39] Davis D., Geer D., Ts’o T., Kerberos with clocks adrift: History, protocols, and implementation, In Proceedings of the 5th USENIX UNIX Security Symposium, Salt Lake City, June (1995).
• [40] Szałachowski P., Kotulski Z., Ksi¸e˙zopolski B., Secure position-based selecting scheme for WSN communication, In: A. Kwiecien, P. Gaj, and P. Stera [Eds.], CN 2011, Communications in Computer and Information Science 160 (2011).
• [41] Szałachowski P., Kotulski Z., Enhancing the Oakley key agreement protocol with secure time information, (Submitted for publication) (2011).