87 research outputs found
Compiling symbolic attacks to protocol implementation tests
Recently, efficient model-checking tools have been developed to find flaws in
security protocol specifications. These flaws can be interpreted as potential
attack scenarios, but the feasibility of these scenarios needs to be confirmed
at the implementation level. However, bridging the gap between an abstract
attack scenario derived from a specification and a penetration test on real
implementations of a protocol is still an open issue. This work investigates an
architecture for automatically generating abstract attacks and converting them
to concrete tests on protocol implementations. In particular we aim to improve
previously proposed blackbox testing methods in order to discover automatically
new attacks and vulnerabilities. As a proof of concept, we have experimented with our
proposed architecture to detect a renegotiation vulnerability on some
implementations of SSL/TLS, a protocol widely used for securing electronic
transactions.
Comment: In Proceedings SCSS 2012, arXiv:1307.802
Performance Evaluations of Cryptographic Protocols Verification Tools Dealing with Algebraic Properties
There exist several automatic verification tools for cryptographic protocols, but only a few of them are able to check protocols in the presence of algebraic properties. Most of these tools deal with either Exclusive-Or (XOR) or exponentiation properties, so-called Diffie-Hellman (DH). In the last few years, the number of these tools has increased and some existing tools have been updated. Our aim is to compare their performance by analysing a selection of cryptographic protocols using XOR and DH. We compare execution time and memory consumption for different versions of the following tools: OFMC, CL-Atse, Scyther, Tamarin, TA4SP, and extensions of ProVerif (XOR-ProVerif and DH-ProVerif). Our evaluation shows that in most cases the new versions of the tools are faster but consume more memory. We also show how the new tools, Tamarin, Scyther and TA4SP, can be compared to previous ones. We also discover and explain, for the protocol IKEv2-DS, a difference in modelling by the authors of different tools, which leads to different security results. Finally, for Exclusive-Or and Diffie-Hellman properties, we construct two families of protocols P xori and P dhi that allow us to clearly see for the first time the impact of the number of operators and variables on the tools' performance.
KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems
The EPC Class-1 Generation-2 (Gen2 for short) is a Radio Frequency IDentification (RFID) technology that is gaining a prominent place in several domains. However, the Gen2 standard lacks verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of applications based on the Gen2 technology. To address this problem, RFID tags must be equipped with a robust mechanism to authenticate readers before authorising them to access their data. In this paper, we propose a key establishment and derivation protocol, which is applied at both the identification phase and those remaining operations requiring security. Our solution is based on a pseudorandom number generator that uses a low computational workload, while ensuring long-term secure communication to protect the secrecy of the exchanged data. Mutual authentication of the tag and the sensor and strong notions of secrecy such as forward and backward secrecy are analysed, and we prove formally that after being amended, our protocol is secure with respect to these properties.
Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices
The Internet of Things (IoT) can include many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromise attacks and denial of service attacks).
Intruder deducibility constraints with negation. Decidability and application to secured service compositions
The problem of finding a mediator to compose secured services has been
reduced in our former work to the problem of solving deducibility constraints
similar to those employed for cryptographic protocol analysis. We extend in
this paper the mediator synthesis procedure by a construction for expressing
that some data is not accessible to the mediator. Then we give a decision
procedure for verifying that a mediator satisfying this non-disclosure policy
can be effectively synthesized. This procedure has been implemented in CL-AtSe,
our protocol analysis tool. The procedure extends constraint solving for
cryptographic protocol analysis in a significant way as it is able to handle
negative deducibility constraints without restriction. In particular it applies
to all subterm convergent theories and therefore covers several interesting
theories in formal security analysis including encryption, hashing, signature
and pairing.
Comment: (2012
Optimistic Non-repudiation Protocol Analysis
The original publication is available at www.springerlink.com; ISBN 978-3-540-72353-0, ISSN (Print) 0302-9743, (Online) 1611-3349.
Non-repudiation protocols with session labels have a number of vulnerabilities. Recently Cederquist, Corin and Dashti have proposed an optimistic non-repudiation protocol that avoids altogether the use of session labels. We have specified and analysed this protocol using an extended version of the AVISPA Tool and one important fault has been discovered. We describe the protocol and the analysis method, show two attack traces that exploit the fault, and propose a correction to the protocol.
Secure Refinements of Communication Channels
It is a common practice to design a protocol (say Q) assuming some secure channels. Then the secure channels are implemented using any standard protocol, e.g. TLS. In this paper, we study when such a practice is indeed secure.
We provide a characterization of both confidential and authenticated channels. As an application, we study several protocols of the literature including TLS and BAC protocols. Thanks to our result, we can consider a larger number of sessions when analyzing complex protocols resulting from explicit implementation of the secure channels of some more abstract protocol Q
A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)
Web applications require access to the file-system for many different tasks.
When analyzing the security of a web application, security analysts should
thus consider the impact that file-system operations have on the security of
the whole application. Moreover, the analysis should take into consideration
how file-system vulnerabilities might interact with other vulnerabilities
leading an attacker to breach into the web application. In this paper, we first
propose a classification of file-system vulnerabilities, and then, based on
this classification, we present a formal approach that allows one to exploit
file-system vulnerabilities. We give a formal representation of web
applications, databases and file-systems, and show how to reason about
file-system vulnerabilities. We also show how to combine file-system
vulnerabilities and SQL-Injection vulnerabilities for the identification of
complex, multi-stage attacks. We have developed an automatic tool that
implements our approach and we show its efficiency by discussing several
real-world case studies, which are witness to the fact that our tool can
generate, and exploit, complex attacks that, to the best of our knowledge, no
other state-of-the-art tool for the security of web applications can find.
Formal Verification of a Key Establishment Protocol for EPC Gen2 RFID Systems: Work in Progress
The EPC Class-1 Generation-2 (Gen2 for short) is a standard Radio Frequency Identification (RFID) technology that has gained a prominent place in the retail industry. The Gen2 standard lacks, however, verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of monitoring applications based on the Gen2 technology. We are working on a key establishment protocol that aims at addressing this problem. The protocol is applied at both the initial identification phase and those remaining operations that may require security, such as password-protected operations. We specify the protocol using the High Level Protocol Specification Language (HLPSL). Then, we verify the secrecy property of the protocol using the AVISPA model checker tool. The results that we report show that the current version of the protocol guarantees sensitive data secrecy in the presence of a passive adversary.