Multi-protocol Attack: A Survey of Current Research

Traditionally, verification methods for security protocols typically assume that the protocols are used in isolation of other protocols (i.e., there is only a single protocol using a network at a given time). However, in practice it is unrealistic to assume that a security protocol runs in isolation in an insecure network. A multi-protocol attack is an attack in which more than one protocol is involved. The verification methods for security protocols that assume a single protocol on a network will fail to verify a protocol�s resistance/vulnerability to multi-protocol attacks. Further, multiple security protocols that are verified to be correct in isolation can be susceptible to multiprotocol attacks when used over the same network. However, the verification of security properties for multiple protocols existing on the same network is difficult since security properties are not compositional. This paper surveys some of the recent approaches and contributions into the verification of security properties in the context of multiple protocols being run in an insecure network and the efforts to prevent multi-protocol attacks

Statically detecting message confusions in a multi-protocol setting

In a multi-protocol setting, different protocols are concurrently executed, and each principal can participate in more than one. The possibilities of attacks therefore increase, often due to the presence of similar patterns in messages. Messages coming from one protocol can be confused with similar messages coming from another protocol. As a consequence, data of one type may be interpreted as data of another, and it is also possible that the type is the expected one, but the message is addressed to another protocol. In this paper, we shall present an extension of the LySa calculus [7, 4] that decorates encryption with tags including the protocol identifier, the protocol step identifier and the intended types of the encrypted terms. The additional information allows us to find the messages that can be confused and therefore to have hints to reconstruct the attack. We extend accordingly the standard static Control Flow Analysis for LySa, which over-approximates all the possible behaviour of the studied protocols, included the possible message confusions that may occur at run-time. Our analysis has been implemented and successfully applied to small sets of protocols. In particular, we discovered an undocumented family of attacks, that may arise when Bauer-Berson-Feiertag and the Woo-Lam authentication protocols are running in parallel. The implementation complexity of the analysis is low polynomial

A framework for compositional verification of security protocols

Automatic security protocol analysis is currently feasible only for small protocols. Since larger protocols quite often are composed of many small protocols, compositional analysis is an attractive, but non-trivial approach. We have developed a framework for compositional analysis of a large class of security protocols. The framework is intended to facilitate automatic as well as manual verification of large structured security protocols. Our approach is to verify properties of component protocols in a multi-protocol environment, then deduce properties about the composed protocol. To reduce the complexity of multi-protocol verification, we introduce a notion of protocol independence and prove a number of theorems that enable analysis of independent component protocols in isolation. To illustrate the applicability of our framework to real-world protocols, we study a key establishment sequence in WiMAX consisting of three subprotocols. Except for a small amount of trivial reasoning, the analysis is done using automatic tools

Scyther : semantics and verification of security protocols

Recent technologies have cleared the way for large scale application of electronic communication. The open and distributed nature of these communications implies that the communication medium is no longer completely controlled by the communicating parties. As a result, there has been an increasing demand for research in establishing secure communications over insecure networks, by means of security protocols. In this thesis, a formal model for the description and analysis of security protocols at the process level is developed. At this level, under the assumption of perfect cryptography, the analysis focusses on detecting aws and vulnerabilities of the security protocol. Starting from ??rst principles, operational semantics are developed to describe security protocols and their behaviour. The resulting model is parameterized, and can e.g. capture various intruder models, ranging from a secure network with no intruder, to the strongest intruder model known in literature. Within the security protocol model various security properties are de??ned, such as secrecy and various forms of authentication. A number of new results about these properties are formulated and proven correct. Based on the model, an automated veri??cation procedure is developed, which signi ??cantly improves over existing methods. The procedure is implemented in a prototype, which outperforms other tools. Both the theory and tool are applied in two novel case studies. Using the tool prototype, new results are established in the area of protocol composition, leading to the discovery of a class of previously undetected attacks. Furthermore, a new protocol in the area of multiparty authentication is developed. The resulting protocol is proven correct within the framework

Affine Refinement Types for Secure Distributed Programming

Recent research has shown that it is possible to leverage general-purpose theorem-proving techniques to develop powerful type systems for the verification of a wide range of security properties on application code. Although successful in many respects, these type systems fall short of capturing resource-conscious properties that are crucial in large classes of modern distributed applications. In this article, we propose the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic. Our type system draws on a novel notion of "exponential serialization" of affine formulas, a general technique to protect affine formulas from the effect of duplication. This technique allows formulate of an expressive logical encoding of the authentication mechanisms underpinning distributed resource-aware authorization policies. We discuss the effectiveness of our approach on two case studies: the EPMO e-commerce protocol and the Kerberos authentication protocol. We finally devise a sound and complete type-checking algorithm, which is the key to achieving an efficient implementation of our analysis technique.Recent research has shown that it is possible to leverage general-purpose theorem-proving techniques to develop powerful type systems for the verification of a wide range of security properties on application code. Although successful in many respects, these type systems fall short of capturing resource-conscious properties that are crucial in large classes of modern distributed applications. In this article, we propose the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic. Our type system draws on a novel notion of "exponential serialization" of affine formulas, a general technique to protect affine formulas from the effect of duplication. This technique allows formulate of an expressive logical encoding of the authentication mechanisms underpinning distributed resource-aware authorization policies. We discuss the effectiveness of our approach on two case studies: the EPMO e-commerce protocol and the Kerberos authentication protocol. We finally devise a sound and complete type-checking algorithm, which is the key to achieving an efficient implementation of our analysis technique

A theory of types for security and privacy

Im modernen Internet sind kryptographische Protokolle allgegenwärtig. Ihre Entwicklung ist jedoch schwierig und eine manuelle Sicherheitsanalyse mühsam und fehleranfällig. Ein Mangel an exakten Sicherheitsbeweisen führt daher zu oft gravierenden Sicherheitsmängeln in vielen Protokollen. Um Datenschutz und Sicherheit kryptographischer Protokolle zu verbessern und deren Verifikation zu vereinfachen, konzentriert sich ein Großteil der Forschung auf formale Protokollanalyse. Dies führte zur Entwicklung automatischer Tools, die auf symbolischen Kryptographie-Abstraktionen basieren. Jedoch gibt es weiterhin zahlreiche Protokolle und Sicherheitseigenschaften, deren Analyse zu komplex für aktuelle Systeme ist. Diese Dissertation stellt drei neuartige Frameworks zur Verifikation von Sicherheitsprotokollen und ihren Implementierungen vor. Sie nutzen eine leistungsstarker Typisierung für Sicherheit und Datenschutz und verbessern damit die aktuelle, Beschränkungen unterworfene Situation. Mit AF7 präsentieren wir die erste statische Typisierung von Protokollimplementierungen bezüglich Sicherheitseigenschaften, die in affiner Logik formuliert sind. Zudem sorgt unsere neuartige typbasierte, automatische Analysetechnik von elektronischen Wahlsystemen für Datenschutz und Überprüfbarkeit im Wahlprozess. Schließlich stellen wir mit DF7 das erste affine Typsystem zur statischen, automatischen Verifikation der sogenannten Distributed Differential Privacy in Protokollimplementierungen vor.Cryptographic protocols are ubiquitous in the modern web. However, they are notoriously difficult to design and their manual security analysis is both tedious and error-prone. Due to the lack of rigorous security proofs, many protocols have been discovered to be flawed. To improve the security and privacy guarantees of cryptographic protocols and their implementations and to facilitate their verification, a lot of research has been directed towards the formal analysis of such protocols. This has led to the development of several automated tools based on symbolic abstractions of cryptography. Unfortunately, there are still various cryptographic protocols and properties that are out of the scope of current systems. This thesis introduces three novel frameworks for the verification of security protocols and their implementations based on powerful types for security and privacy, overcoming the limitations of current state-of-the-art approaches. With AF7 we present the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic. Furthermore, our novel approach for the automated analysis of e-voting systems based on refinement type systems can be used to enforce both privacy and verifiability. Finally, with DF7, we present the first affine, distanceaware type system to statically and automatically enforce distributed differential privacy in cryptographic protocol implementations