Summary
Nowadays mobile and fixed networks are trusted with highly sensitive information, which must be protected by security protocols. However, security protocols are vulnerable to a host of subtle attacks, such as replay, parallel session and type-flaw attacks. Designing protocols to be impervious to these attacks has been proven to be extremely challenging and error prone.
This paper discusses various attacks against security protocols. As an example, the security of the Wide-Mouthed Frog key distribution protocol when subjected to known attacks is discussed. Significantly, a hitherto unknown attack on Lowe’s modified version of the Wide-Mouthed Frog protocol is presented. Finally, a correction for the protocol to prevent this attack is proposed and discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Boyd, C., Mathuria, A.: Protocols for authentication and key establishment. Springer, Berlin (2003)
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Transactions on Computer Systems TOCS 8(1), 18–36 (1990)
Lowe, G.: An attack on the Needham-Schroeder public key authentication protocol. Information Processing Letters 56(3), 131–136 (1995)
Lowe, G.: Some new attacks upon security protocols. In: Proceedings of Computer Security Foundations Workshop VIII. IEEE Computer Society Press, Los Alamitos (1996)
Denning, D., Sacco, G.: Timestamps in key distributed protocols. Communication of the ACM 24(8), 533–535 (1981)
Aura, T.: Strategies against replay attacks. In: Proceedings of the 10th IEEE Computer Society Foundations Workshop, Rockport, MA, pp. 59–68 (June 1997)
Nam, J., Kim, S., Park, S., Won, D.: Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Transactions Fundamentals 90(1), 299–302 (2007)
Hwang, T., Lee, N.Y., Li, C.M., Ko, M.Y., Chen, Y.H.: Two attacks on Neumann-Stubblebine authentication protocols. Information Processing Letters 53, 103–107 (1995)
Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols, pp. 255–268. IEEE Computer Society, Los Alamitos (2000)
Anderson, R., Needham, R.: Programming Satan’s Computer. In: van Leeuwen, J. (ed.) Computer Science Today. LNCS, vol. 1000, pp. 426–440. Springer, Heidelberg (1995)
Lowe, G.: A family of attacks upon authentication protocols. Technical Report 1997/5, Dept. Mathematics & Computer Science, University of Leicester (1997)
Basin, D., Mdersheim, S., Vigan, L.: OFMC: A symbolic model checker for security protocols. Int. Journal of Information Security 4(3), 181–208 (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dojen, R., Jurcut, A., Coffey, T., Gyorodi, C. (2008). On Establishing and Fixing a Parallel Session Attack in a Security Protocol. In: Badica, C., Mangioni, G., Carchiolo, V., Burdescu, D.D. (eds) Intelligent Distributed Computing, Systems and Applications. Studies in Computational Intelligence, vol 162. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85257-5_24
Download citation
DOI: https://doi.org/10.1007/978-3-540-85257-5_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85256-8
Online ISBN: 978-3-540-85257-5
eBook Packages: EngineeringEngineering (R0)