81 research outputs found

    Attacking Group Protocols by Refuting Incorrect Inductive Conjectures

    Automated tools for finding attacks on flawed security protocols often fail to deal adequately with group protocols. This is because the abstractions made to improve performance on fixed 2 or 3 party protocols either preclude the modelling of group protocols altogether, or permit modelling only in a fixed scenario, which can prevent attacks from being discovered. This paper describes Coral, a tool for finding counterexamples to incorrect inductive conjectures, which we have used to model protocols for both group key agreement and group key management, without any restrictions on the scenario. We will show how we used Coral to discover 6 previously unknown attacks on 3 group protocols.

    Using the coral System to Discover Attacks on Security Protocols


    Discovering attacks on security protocols by refuting incorrect inductive conjectures


    The importance of non-theorems and counterexamples in program verification.

    We argue that the detection and refutation of non-theorems, and the discovery of appropriate counterexamples, is of vital importance to the Grand Challenge of a Program Verifier.

    Attacking the Asokan-Ginzboorg Protocol for Key Distribution in an Ad-Hoc Bluetooth Network Using CORAL

    We describe Coral, a counterexample finder for incorrect inductive conjectures. By devising a first-order version of Paulson's formalism for cryptographic protocol analysis, we are able to use Coral to attack protocols which may have an unbounded number of principals involved in a single run. We show two attacks we have found on the Asokan-Ginzboorg protocol for establishing a group key in an ad-hoc network of Bluetooth devices.

    Visualising First-Order Proof Search

    This paper describes a method for visualising proof search in automatic resolution-style first-order theorem provers. The method has been implemented in a simple tool called viz, which takes advantage of the widely-supported scalar vector graphics format to produce graphs which can be viewed interactively. This allows the user to zoom in and out, pan, and get more information by clicking on particular parts of the graph. We demonstrate how the graphs can be used to suggest improvements to the strategy and heuristics used in the proof attempt.

    Attacking Group Multicast Key Management Protocol using CORAL

    This paper describes the modelling of two multicast group key management protocols in a first-order inductive model, and the discovery of previously unknown attacks on them by the automated inductive counterexample finder CORAL. These kinds of protocols had not been analysed in a scenario with an active intruder before. CORAL proved to be a suitable tool for the job because, unlike most automated tools for discovering attacks, it deals directly with an open-ended model where the number of agents and the roles they play are unbounded. Additionally, CORAL’s model allows us to reason explicitly about lists of terms in a message, which proved to be essential for modelling the second protocol. In the course of the case studies, we also discuss other issues surrounding multicast protocol analysis, including identifying the goals of the protocol with respect to the intended trust model, modelling of the control conditions, which are considerably more complex than for standard two and three party protocols, and effective searching of the state space generated by the model, which has a much larger branching rate than for standard protocols.

    The History of the DReaM Group
