ABSTRACT
The vulnerability and importance of computers, robots, the Internet and similar systems demand exceedingly reliable methods in the design of secure systems. Security protocols are among the most important design parameters. History has shown that security protocols can be vulnerable even after circumspect design and meticulous review by experts. We posit that understanding the subtle issues in security protocols is essential when designing a protocol. In particular, understanding the penetrator, and knowing the different attack strategies a penetrator can apply, are among the issues that most affect the design of security protocols. We describe the notion of a penetrator and specify his characteristics. Our purpose is to emphasize the design criteria of an authentication protocol through a number of elegant and subtle attacks found in the literature on the design of security protocols.
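As an added illustration (not code from the paper) of what "the notion of a penetrator and his characteristics" means in formal protocol analysis, the following Python models the standard Dolev-Yao penetrator: it sees every message on the network, splits pairs, decrypts only with keys it holds, and composes new messages from parts it knows, but never breaks the cryptography itself. The three-message session, the key and nonce names, and the "leaked long-term key" scenario are constructed for this example and are not a protocol or attack from the paper.

```python
# Added illustration of a Dolev-Yao style penetrator (not code from the paper).
# Messages are symbolic terms:
#   ('atom', name)        a name, nonce or symmetric key
#   ('pair', a, b)        concatenation of two terms
#   ('enc', m, k)         m encrypted under key k
#   ('pk', n) / ('sk', n) the public / private key of principal n
# Dolev-Yao rules: the penetrator can split pairs, decrypt only when it holds
# the inverse key, and build any term from parts it knows.  It cannot guess
# keys or break the cipher ("perfect cryptography").

def atom(name):
    return ('atom', name)

def pair(a, b):
    return ('pair', a, b)

def enc(message, key):
    return ('enc', message, key)

def pk(principal):
    return ('pk', principal)

def sk(principal):
    return ('sk', principal)

def inverse_key(key):
    """Key that undoes encryption under `key`: the partner of an asymmetric
    key, or the key itself for a symmetric key."""
    if key[0] == 'pk':
        return ('sk', key[1])
    if key[0] == 'sk':
        return ('pk', key[1])
    return key

def analyze(knowledge):
    """Decomposition closure: keep splitting pairs and decrypting ciphertexts
    whose inverse key is known until nothing new appears."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for term in list(known):
            new = []
            if term[0] == 'pair':
                new = [term[1], term[2]]
            elif term[0] == 'enc' and inverse_key(term[2]) in known:
                new = [term[1]]
            for t in new:
                if t not in known:
                    known.add(t)
                    changed = True
    return known

def derivable(target, knowledge):
    """Can the penetrator produce `target`?  Analyze first, then check whether
    the target can be composed (paired / encrypted) from known terms."""
    known = analyze(knowledge)

    def build(term):
        if term in known:
            return True
        if term[0] in ('pair', 'enc'):
            return build(term[1]) and build(term[2])
        return False   # atoms and keys cannot be invented

    return build(target)

# --- Constructed session (assumed for the example, not from the paper) -----
# A server S shares long-term keys Kas, Kbs with A and B and hands out a
# session key Kab inside a ticket for B, in the style of a symmetric-key
# key-distribution protocol; A then sends a secret to B under Kab.
KAS, KBS, KAB = atom('Kas'), atom('Kbs'), atom('Kab')
A, B, NA, SECRET = atom('A'), atom('B'), atom('Na'), atom('secret')

OBSERVED = [
    enc(pair(pair(KAB, B), enc(pair(KAB, A), KBS)), KAS),  # S -> A
    enc(pair(KAB, A), KBS),                                 # A -> B (forwarded ticket)
    enc(pair(NA, SECRET), KAB),                             # A -> B (payload)
]

def penetrator_knowledge(compromised=()):
    """Everything the penetrator learns from the traffic plus any leaked keys."""
    return analyze(OBSERVED + list(compromised))

def secret_leaks(compromised=()):
    """Does the payload secret become derivable?"""
    return derivable(SECRET, OBSERVED + list(compromised))

def can_forge_payload(compromised=()):
    """Can the penetrator fabricate its own payload {Na, evil}_Kab that B would
    accept as coming from A?  'evil' is an atom the penetrator already owns."""
    return derivable(enc(pair(NA, atom('evil')), KAB),
                     OBSERVED + list(compromised) + [atom('evil')])

if __name__ == '__main__':
    print('honest keys :', secret_leaks(), can_forge_payload())            # False False
    print('Kbs leaked  :', secret_leaks([KBS]), can_forge_payload([KBS]))  # True True
```

With no leaked keys the penetrator learns nothing useful from the traffic; once B's long-term key is in its initial knowledge it unwraps the ticket, obtains the session key, reads the payload and can forge one of its own, while A's key Kas still stays out of reach. Separating analysis (what can be taken apart) from synthesis (what can be put together) is the usual way such a penetrator is specified, and it is this model that the attacks in the protocol-analysis literature assume.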
Title
Understanding the intruder through attacks on cryptographic protocols