Wide Mouth Frog protocol

Last updated May 24, 2019

The Wide-Mouth Frog protocol^[1] is a computer network authentication protocol designed for use on insecure networks (the Internet for example). It allows individuals communicating over a network to prove their identity to each other while also preventing eavesdropping or replay attacks, and provides for detection of modification and the prevention of unauthorized reading. This can be proven using BAN logic.

A computer network is a digital telecommunications network which allows nodes to share resources. In computer networks, computing devices exchange data with each other using connections between nodes. These data links are established over cable media such as wires or optic cables, or wireless media such as Wi-Fi.

Authentication act of confirming the truth of an attribute of a datum or entity

Authentication is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to be. In other words, authentication often involves verifying the validity of at least one form of identification.

A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.

The protocol was first described under the name "The Wide-mouthed-frog Protocol" in the paper "A Logic of Authentication" (1990), which introduced Burrows–Abadi–Needham logic, and in which it was an "unpublished protocol ... proposed by" coauthor Michael Burrows.^[2] The paper gives no rationale for the protocol's whimsical name.

Burrows–Abadi–Needham logic is a set of rules for defining and analyzing information exchange protocols. Specifically, BAN logic helps its users determine whether exchanged information is trustworthy, secured against eavesdropping, or both. BAN logic starts with the assumption that all information exchanges happen on media vulnerable to tampering and public monitoring. This has evolved into the popular security mantra, "Don't trust the network."

Michael Burrows, FRS is a British computer scientist and the creator of the Burrows–Wheeler transform currently working for Google. Born in Britain, as of 2018 he lives in the United States, although he remains a British citizen.

The protocol can be specified as follows in security protocol notation:^[1]^[2]^[3]

In cryptography, security (engineering) protocol notation, also known as protocol narrations and Alice & Bob notation, is a way of expressing a protocol of correspondence between entities of a dynamic system, such as a computer network. In the context of a formal model, it allows reasoning about the properties of such a system.

A, B, and S are identities of Alice, Bob, and the trusted server respectively
$T_{A}$ and $T_{s}$ are timestamps generated by A and S respectively
$K_{AS}$ is a symmetric key known only to A and S
$K_{AB}$ is a generated symmetric key, which will be the session key of the session between A and B
$K_{BS}$ is a symmetric key known only to B and S

Timestamp sequence of characters or encoded information identifying when a certain event occurred

A timestamp is a sequence of characters or encoded information identifying when a certain event occurred, usually giving date and time of day, sometimes accurate to a small fraction of a second. The term derives from rubber stamps used in offices to stamp the current date, and sometimes time, in ink on paper documents, to record when the document was received. Common examples of this type of timestamp are a postmark on a letter or the "in" and "out" times on a time card.

A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is content encryption key (CEK), traffic encryption key (TEK), or multicast key which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys.

A\rightarrow S:A,\{T_{A},B,K_{AB}\}_{K_{AS}}

S\rightarrow B:\{T_{S},A,K_{AB}\}_{K_{BS}}

Note that to prevent active attacks, some form of authenticated encryption (or message authentication) must be used.

The protocol has several problems:

A global clock is required.
The server S has access to all keys.
The value of the session key $K_{AB}$ is completely determined by A, who must be competent enough to generate good keys.
It can replay messages within the period when the timestamp is valid.
A is not assured that B exists.
The protocol is stateful. This is usually undesired because it requires more functionality and capability from the server. For example, S must be able to deal with situations in which B is unavailable.

Related Research Articles

ID-based encryption, or identity-based encryption (IBE), is an important primitive of ID-based cryptography. As such it is a type of public-key encryption in which the public key of a user is some unique information about the identity of the user. This means that a sender who has access to the public parameters of the system can encrypt a message using e.g. the text-value of the receiver's name or email address as a key. The receiver obtains its decryption key from a central authority, which needs to be trusted as it generates secret keys for every user.

In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

The Otway–Rees protocol is a computer network authentication protocol designed for use on insecure networks. It allows individuals communicating over such a network to prove their identity to each other while also preventing eavesdropping or replay attacks and allowing for the detection of modification.

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution. This is one of the lower tier versions of a "Man-in-the-middle attack".

The Secure Remote Password protocol (SRP) is an augmented password-authenticated key agreement (PAKE) protocol, specifically designed to work around existing patents.

SILC is a protocol that provides secure synchronous conferencing services over the Internet.

In public-key cryptography, the Station-to-Station (STS) protocol is a cryptographic key agreement scheme. The protocol is based on classic Diffie–Hellman, and provides mutual key and entity authentication. Unlike the classic Diffie–Hellman, which is not secure against a man-in-the-middle attack, this protocol assumes that the parties have signature keys, which are used to sign messages, thereby providing security against man-in-the-middle attacks.

Distributed System Security Architecture or (DSSA) is a computer security architecture that provides a suite of functions including login, authentication, and access control in a distributed system. To differ from other similar architectures, the DSSA architecture offers the ability to access all these functions without the trusted server being active.

Cryptographic nonce arbitrary number used only once in a cryptographic communication

In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as initialization vectors and in cryptographic hash functions.

Martín Abadi is an Argentinian computer scientist, currently working at Google. He earned his Ph.D. from Stanford University in 1987 as a student of Zohar Manna.

The Password Authenticated Key Exchange by Juggling is a password-authenticated key agreement protocol, proposed by Feng Hao and Peter Ryan. This protocol allows two parties to establish private and authenticated communication solely based on their shared (low-entropy) password without requiring a Public Key Infrastructure. It provides mutual authentication to the key exchange, a feature that is lacking in the Diffie–Hellman key exchange protocol.

Yahalom is an authentication and secure key-sharing protocol designed for use on an insecure network such as the Internet. Yahalom uses a trusted arbitrator to distribute a shared key between two people. This protocol can be considered as an improved version of Wide Mouth Frog protocol, but less secure than the Needham–Schroeder protocol.

The Neuman–Stubblebine protocol is a computer network authentication protocol designed for use on insecure networks. It allows individuals communicating over such a network to prove their identity to each other. This protocol utilizes time stamps, but does not depend on synchronized clocks.

In cryptography, Woo–Lam refers to various computer network authentication protocols designed by Simon S. Lam and Thomas Woo. The protocols enable two communicating parties to authenticate each other's identity and to exchange session keys, and involve the use of a trusted key distribution center (KDC) to negotiate between the parties. Both symmetric-key and public-key variants have been described. However, the protocols suffer from various security flaws, and in part have been described as being inefficient compared to alternative authentication protocols.

Algebraic Eraser (AE) is an anonymous key agreement protocol that allows two parties, each having an AE public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key that can then be used to encrypt subsequent communications using a symmetric key cipher. Algebraic Eraser was developed by Iris Anshell, Michael Anshell, Dorian Goldfeld and Stephane Lemieux. SecureRF owns patents covering the protocol and is attempting to standardize the protocol as part of ISO/IEC 29167-20, a standard for securing radio-frequency identification devices and wireless sensor networks.

References

1 2 Schneier, Bruce (1996). Applied Cryptography, 2e. Wiley. pp. 56 et seq. ISBN 978-0-471-11709-4.
1 2 Burrows, Abadi, and Needham. "A Logic of Authentication". ACM Transactions on Computer Systems 8 (1990), pp. 18–36.
↑ Wide Mouthed Frog, Security Protocols Open Repository

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[AC-1] 1 2 Schneier, Bruce (1996). Applied Cryptography, 2e. Wiley. pp. 56 et seq. ISBN 978-0-471-11709-4.

[BAN-2] 1 2 Burrows, Abadi, and Needham. "A Logic of Authentication". ACM Transactions on Computer Systems 8 (1990), pp. 18–36.

[spore-3] Wide Mouthed Frog, Security Protocols Open Repository

Wide Mouth Frog protocol

See also

Related Research Articles

References