|
|
Program Systems: Theory and Applications, 2015, Volume 6, Issue 1, Pages 135–145
(Mi ps160)
|
 |
|
 |
This article is cited in 2 scientific papers (total in 2 papers)
Hardware, software and distributed supercomputer systems
On the cryptographic security of the “BotikKey” authentication protocol against attacks on MD5 hash function
A. A. Kuznetsov
Program Systems Institute of RAS
Abstract:
In this paper vulnerabilities of the BotikKey network protocol are described. It is being used in the “Botik” telecommunication system of Pereslavl-Zalesskiy for secure subscribers' authentication. Protocol was developed as part of Botik-technologies initiative, according to which all software and hardware is based on open source, or on the inhouse developments. We outline the purpose and implementation details of the protocol and its pros and cons. It is pointed out that majority of the protocol's vulnerabilities arise from the weaknesses of MD5 cryptographic hash function being used. With a number of assumptions, the BotikKey protocol can be compromised by committing an APOP-attack on a subscriber. It is noted that “Botik” network service provider should use contemporary cryptographic methods for subscribers' authentication or avoid using the BotikKey system at all. (In Russian).
Key words and phrases:
BotikKey protocol, secure authentication, cryptography, MD5 hash function, APOP attack.
Received: 26.12.2014
Accepted: 24.02.2015
Citation:
A. A. Kuznetsov, “On the cryptographic security of the “BotikKey” authentication protocol against attacks on MD5 hash function”, Program Systems: Theory and Applications, 6:1 (2015), 135–145
Linking options:
https://www.mathnet.ru/eng/ps160 https://www.mathnet.ru/eng/ps/v6/i1/p135
|
| Statistics & downloads: |
| Abstract page: | 285 | | Full-text PDF : | 84 | | References: | 33 |
|
Citation in format AMSBIB
Contact us: