Security Analysis of ECC Based Protocols

Author

Chanchal Khatwani, University of North FloridaFollow

Year

2017

Season

Spring

Paper Type

Master's Thesis

College

College of Computing, Engineering & Construction

Degree Name

Master of Science in Computer and Information Sciences (MS)

Department

Computing

NACO controlled Corporate Body

University of North Florida. School of Computing

First Advisor

Dr. Swapnoneel Roy

Second Advisor

Dr. Karthikeyan Umapathy

Third Advisor

Dr. Daniel Dreibelbis

Department Chair

Dr. Sherif Elfayoumy

College Dean

Dr. Mark A. Tumeo

Abstract

Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities, and to enhance them to be more secure against threats. This work demonstrates how currently used ECC based protocols are vulnerable to attacks. If protocols are vulnerable, damages could include critical data loss and elevated privacy concerns. The protocols considered in thiswork differ in their usage of security factors (e.g. passwords, pins, and biometrics), encryption and timestamps. The threatmodel considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals.

Suggested Citation

Khatwani, Chanchal, "Security Analysis of ECC Based Protocols" (2017). UNF Graduate Theses and Dissertations. 734.
https://digitalcommons.unf.edu/etd/734