Web security: Authentication protocols and their analysis

Authentication is one of the basic building blocks of computer security. It is achieved through the execution of an authentication protocol between tw o or more parties. One such protocol, the Secure Socket Layer (SSL) protoco l, has become the de facto standard for Web security. This paper provides a n overview of results and methods used in analyzing authentication protocol s. The aim is to provide a bird's eye view of the assumptions, methods, and results that are available for anyone who is interested in designing new s ecurity protocols or applying a new analysis approach. A detailed descripti on of the SSL handshake protocol as well as how changes in environment assu mption can lead to unexpected consequences, is provided. A fix to the weakn ess is also described.