Efficient and Secure Authentication and Key Agreement Protocol

Al-Saraireh, Jaafer

doi:10.5121/iju.2011.2201

Cited by 2 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal verification is the use of mathematical techniques to ensure that a certain design conforms to some precisely expressed notion of functional correctness. The absence of formal methods for verification of security protocols could lead to security errors remaining undetected [13]. Moreover, formal verification techniques can provide a systematic way of discovering protocol flaws [14] [20].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formal Analysis of MCAP Protocol Against Replay Attack

Nashwan

Alshammari

2017

BJMCS

View full text Add to dashboard Cite

Replay attack is considered a common attacking technique that is used by adversaries to gain access to confidential information. Several approaches have been proposed to prevent replay attack in security-critical systems such as Automated Teller Machines (ATM) systems. Among those approaches is a recent one called the Mutual Chain Authentication Protocol for the Saudi Payments Network transactions (MCAP). This protocol aims to allow Saudi banking systems to overcome existing weaknesses in the currently used Two-Factor Authentication (2FA) protocols. In this paper, we analyze and verify the recent MCAP authentication protocol against replay attacks. Therefore, we examine the mutual authentication between the ATM Terminal, Sponsoring Banks (SBAT), Saudi Payments Network (SPAN) and the Issuing of Financial Bank (CIFI). The paper also provides a formal analysis of the MCAP to conduct formal proofs of the MCAP protocols against replay attacks.According to the specifications of MCAP [1], the mutual chain in the authentication session consists of four pairs of initiator-responder messages. These pairs are divided into two classes (direct and indirect) [1]. In direct class, the mutual authentications between (ATM terminals and Sponsoring banks (SBAT)), (SBAT and SPAN), and (SPAN and CIFI) depend on the values of (old and new) transaction numbers as freshness values. On the

show abstract

Section: Introductionmentioning

confidence: 99%

“…Nashwan and Alshammari; BJMCS, 22(1),[1][2][3][4][5][6][7][8][9][10][11][12][13][14] 2017; Article no.BJMCS.32744 Indirect Mutual Authentication (ATM Terminal -CIFI)…”

mentioning

confidence: 99%

Formal Analysis of MCAP Protocol Against Replay Attack

Nashwan

Alshammari

2017

BJMCS

View full text Add to dashboard Cite

show abstract

“…The structure of the MCAP is based on the concepts of AKA [18] which include mutual authentication and key agreement. The mutual authentication means that users identify and prove themselves to the system and the same thing for the opposite direction in which the system identifies and proves itself to the user [19].…”

Section: International Journal Of Computer and Communication Engineermentioning

confidence: 99%

“…It also has to meet the ATM Security Specifications described in [15]- [17]. The MCAP is developed based on Authentication and Key Agreement protocol (AKA) concepts [18], [19].…”

Section: Introductionmentioning

confidence: 99%