8,188 research outputs found
How to prevent type-flaw attacks on security protocols under algebraic properties
Type-flaw attacks upon security protocols wherein agents are led to
misinterpret message types have been reported frequently in the literature.
Preventing them is crucial for protocol security and verification. Heather et
al. proved that tagging every message field with it's type prevents all
type-flaw attacks under a free message algebra and perfect encryption system.
In this paper, we prove that type-flaw attacks can be prevented with the same
technique even under the ACUN algebraic properties of XOR which is commonly
used in "real-world" protocols such as SSL 3.0. Our proof method is general and
can be easily extended to other monoidal operators that possess properties such
as Inverse and Idempotence as well. We also discuss how tagging could be used
to prevent type-flaw attacks under other properties such as associativity of
pairing, commutative encryption, prefix property and homomorphic encryption.Comment: 16 pages, Appeared in proceedings of Security with Rewriting
Techniques (SecRet09), Affiliated to CSF Symposium 2009, Port Jefferson, NY
Reasoning about recognizability in security protocols
Although verifying a message has long been recognized as an important concept, which has been used explicitly or implicitly in security protocol analysis, there is no consensus on its exact meaning. Such a lack of formal treatment of the concept makes it extremely difficult to evaluate the vulnerability of security protocols.
This dissertation offers a precise answer to the question: What is meant by saying that a message can be "verified''? The core technical innovation is a third notion of knowledge in security protocols -- recognizability. It can be considered as intermediate between deduction and static equivalence, two classical knowledge notions in security protocols. We believe that the notion of recognizability sheds important lights on the study of security protocols. More specifically, this thesis makes four contributions.
First, we develop a knowledge model to capture an agent's cognitive ability to understand messages. Thanks to a clear distinction between de re/dicto interpretations of a message, the knowledge model unifies both computational and symbolic views of cryptography gracefully.
Second, we propose a new notion of knowledge in security protocols -- recognizability -- to fully capture one's ability or inability to cope with potentially ambiguous messages. A terminating procedure is given to decide recognizability under the standard Dolev-Yao model.
Third, we establish a faithful view of the attacker based on recognizability. This yields new insights into protocol compilations and protocol implementations. Specifically, we identify two types of attacks that can be thawed through adjusting the protocol implementation; and show that an ideal implementation that corresponds to the intended protocol semantics does not always exist. Overall, the obtained attacker's view provides a path to more secure protocol designs and implementations.
Fourth, we use recognizability to provide a new perspective on type-flaw attacks. Unlike most previous approaches that have focused on heuristic schemes to detect or prevent type-flaw attacks, our approach exposes the enabling factors of such attacks. Similarly, we apply the notion of recognizability to analyze off-line guessing attacks. Without enumerating rules to determine whether a guess can be "verified'', we derive a new definition based on recognizability to fully capture the attacker's guessing capabilities. This definition offers a general framework to reason about guessing attacks in a symbolic setting, independent of specific intruder models. We show how the framework can be used to analyze both passive and active guessing attacks
Attacking Group Protocols by Refuting Incorrect Inductive Conjectures
Automated tools for finding attacks on flawed security protocols often fail to deal adequately with group protocols. This is because the abstractions made to improve performance on fixed 2 or 3 party protocols either preclude the modelling of group protocols all together, or permit modelling only in a fixed scenario, which can prevent attacks from being discovered. This paper describes Coral, a tool for finding counterexamples to incorrect inductive conjectures, which we have used to model protocols for both group key agreement and group key management, without any restrictions on the scenario. We will show how we used Coral to discover 6 previously unknown attacks on 3 group protocols
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Verifying security protocols by knowledge analysis
This paper describes a new interactive method to analyse knowledge of participants involved in security protocols and further to verify the correctness of the protocols. The method can detect attacks and flaws involving interleaving sessions besides normal attacks. The implementation of the method in a generic theorem proving environment, namely Isabelle, makes the verification of protocols mechanical and efficient; it can verify a medium-sized security protocol in less than ten seconds. As an example, the paper finds the flaw in the Needham-Schroeder public key authentication protocol and proves the secure properties and guarantees of the protocol with Lowe's fix to show the effectiveness of this method
A formal methodology for integral security design and verification of network protocols
We propose a methodology for verifying security properties of network
protocols at design level. It can be separated in two main parts: context and
requirements analysis and informal verification; and formal representation and
procedural verification. It is an iterative process where the early steps are
simpler than the last ones. Therefore, the effort required for detecting flaws
is proportional to the complexity of the associated attack. Thus, we avoid
wasting valuable resources for simple flaws that can be detected early in the
verification process. In order to illustrate the advantages provided by our
methodology, we also analyze three real protocols
- …