Abstract
As part of a continued effort towards a logical framework for incremental reasoning about security, we attempted a derivational reconstruction of GDOI, the protocol proposed in IETF RFC 3547 for authenticated key agreement in group communication over IPsec. The difficulties encountered in deriving one of its authentication properties led us to derive an attack that had not surfaced in the previous extensive analyses of this protocol. The derivational techniques turned out to be helpful not only for constructing, analyzing and modifying protocols, but also for constructing attacks on them. We believe that the presented results demonstrate the point of the derivational approach, which tracks and formalizes the way protocols are designed informally: by refining and composing basic protocol components.
After a brief overview of the simple authentication logic, we outline a derivation of GDOI, which displays its valid security properties, and the derivations of two attacks on it, which display its undesired properties. We also discuss some modifications that eliminate these vulnerabilities. Their derivations suggest proofs of the desired authentication properties. At the time of writing, we are working together with the IETF MSEC Working Group to develop a solution to this problem.
References
Asokan, N., Niemi, V., Nyberg, K.: Man-in-the-middle in tunnelled authentication protocols. In: 2003 Cambridge Security Protocol Workshop (April 2-4, 2003)
Backes, M., Pfitzmann, B., Waidner, M.: A universally composable cryptographic library. Cryptology ePrint Archive, Report 2003/015 (2003), http://eprint.iacr.org/
Baugher, M., Weis, B., Hardjono, T., Harney, H.: The group domain of interpretation. IETF RFC 3547 (July 2003)
Blunk, L., Vollbrecht, J., Aboba, B., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP). IETF RFC 2284bis (November 27, 2003)
Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions in Computer Systems 8(1), 18–36 (1990)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on the Foundations of Computer Science, IEEE Computer Society Press, Los Alamitos (2001)
Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: A derivation system for security protocols and its logical formalization. In: IEEE Computer Security Foundations Workshop, Pacific Grove, CA, June 2003, pp. 109–125. IEEE Computer Society Press, Los Alamitos (2003)
Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: Secure protocol composition. In: Proceedings of ACM FMCS 2003, Washington, DC, October 2003, pp. 109–125. ACM Press, New York (2003)
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and Authenticated Key Exchanges. Designs, Codes, and Cryptography 2, 107–125 (1992)
Durgin, N.A., Mitchell, J.C., Pavlovic, D.: A compositional logic for proving security properties of protocols. Journal of Computer Security 11(4), 667–721 (2003)
Durgin, N., Mitchell, J.C., Pavlovic, D.: A compositional logic for protocol correctness. In: Schneider, S. (ed.) Proceedings of CSFW 2001, pp. 241–255. IEEE, Los Alamitos (2001)
Guttman, J., Thayer, F.J.: Authentication tests and the structure of bundles. Theor. Comput. Sci. 283(2), 333–380 (2002)
Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). IETF RFC 2409 (November 1998)
Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop, pp. 31–43. IEEE Computer Society Press, Los Alamitos (1997)
Mateus, P., Mitchell, J.C., Scedrov, A.: Composition of cryptographic protocols in a probabilistic polynomial-time process calculus. In: Amadio, R.M., Lugiez, D. (eds.) CONCUR 2003. LNCS, vol. 2761, pp. 327–349. Springer, Heidelberg (2003)
Meadows, C., Syverson, P., Cervesato, I.: Formal specification and analysis of the Group Domain of Interpretation Protocol using NPATRL and the NRL Protocol Analyzer. Journal of Computer Security (2004) (to appear), Currently available at http://chacs.nrl.navy.mil/publications/CHACS/2003/2003meadows-gdoi.pdf
Thayer, F.J., Herzog, J., Guttman, J.: Strand Spaces: What Makes a Security Protocol Correct? Journal of Computer Security 7, 191–230 (1999)
Woo, T.Y.C., Lam, S.S.: A Semantic Model for Authentication Protocols. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, Los Alamitos (1993)
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Meadows, C., Pavlovic, D. (2004). Deriving, Attacking and Defending the GDOI Protocol. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_4
DOI: https://doi.org/10.1007/978-3-540-30108-0_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0
eBook Packages: Springer Book Archive