A derivation system and compositional logic for security protocols

Datta, Anupam; Derek, Ante; Mitchell, John C.; Pavlović, Duško

doi:10.3233/jcs-2005-13304

Cited by 113 publications

(159 citation statements)

References 57 publications

Supporting

Mentioning

159

Contrasting

Order By: Relevance

“…In the symbolic model, protocol execution and the possible actions of an attacker are characterized using a symbolic model of computation that allows nondeterminism but does not incorporate probability or computational complexity bounds. In addition to many model checking and bug-finding efforts, there have been some significant correctness proofs carried using the symbolic model, including mechanically checked formal proofs [13,14], unformalized but mathematical proofs about a multiset rewriting model [15][16][17], and work using compositional formal logic approaches [18][19][20][21][22]. Several groups of researchers have taken steps to connect the symbolic model to the probabilistic polynomial-time computational model used in cryptographic studies, e.g., [23-29, 3, 4, 30].…”

Section: Introductionmentioning

confidence: 99%

Analysis of EAP-GPSK Authentication Protocol

Mitchell

Rowe

Scedrov

2008

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

Abstract. The EAP-GPSK protocol is a lightweight, flexible authentication protocol relying on symmetric key cryptography. It is part of an ongoing IETF process to develop authentication methods for the EAP framework. We analyze the protocol and find three weaknesses: a repairable Denial-of-Service attack, an anomaly with the key derivation function used to create a short-term master session key, and a ciphersuite downgrading attack. We propose fixes to these anomalies, and use a finite-state verification tool to search for remaining problems after making these repairs. We then prove the fixed version correct using a protocol verification logic. We discussed the attacks and our suggested fixes with the authors of the specification document which has subsequently been modified to include our proposed changes.

show abstract

Section: Introductionmentioning

confidence: 99%

Analysis of EAP-GPSK Authentication Protocol

Mitchell

Rowe

Scedrov

2008

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…Most demonstrated approaches for proving security of complex network protocols, of the scale that appear in IEEE and IETF standards, use a simplified model of protocol execution based on symbolic computation and highly idealized cryptography [9,16,19,24]. However, proofs about symbolic computation do not provide the same level of assurance as proofs about probabilistic polynomial-time attacks.…”

Section: Introductionmentioning

confidence: 99%

“…The axioms presented in this paper are used in Protocol Composition Logic (PCL) [24,26,41,25,39]. Our formalization uses the characterization of "good key" from [27], but improves on previous work in several respects: (i) we fix a bug in the DH axiom in [27] by using the "DHStrongSecretive" formulas developed in the paper, (ii) we present a general inductive method for proving secrecy conditions for Diffie-Hellman key exchange, and (iii) we present axioms for reasoning from ciphertext integrity assumptions.…”

Section: Introductionmentioning

confidence: 99%

“…Additional background appears in [24,26,41,25,39]. Modelling protocols A protocol is given by a set of roles, each specifying a sequence of actions to be executed by an honest agent.…”

Section: Introductionmentioning

confidence: 99%

“…More generally, Abadi and Rogaway [1] initiated computationally sound symbolic analysis of static equivalence, with extensions and completeness explored in [37,2]; a recent extension to Diffie-Hellman appears in [15], covering only passive adversaries, not the stronger active adversaries used in the present paper. Protocol Composition Logic [24] was used in a case study of 802.11i [29], has previous computational semantics [26], and was used to study protocol composition and key exchange [27]. In other studies of DHKE, [30] uses a symbolic model, while [36] imposes nonstandard protocol assumptions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Formal Proofs of Cryptographic Security of Diffie-Hellman-Based Protocols

Datta

Mitchell

Trustworthy Global Computing

Self Cite

View full text Add to dashboard Cite

Abstract. We present axioms and inference rules for reasoning about Diffie-Hellman-based key exchange protocols and use these rules to prove authentication and secrecy properties of two important protocol standards, the Diffie-Hellman variant of Kerberos, and IKEv2, the revised standard key management protocol for IPSEC. The new proof system is sound for an accepted semantics used in cryptographic studies. In the process of applying our system, we uncover a deficiency in Diffie-Hellman Kerberos that is easily repaired.

show abstract

Security enhancement for dynamic key refreshment in neighborhood area network of smart grid

Toor

2016

Security Comm. Networks

View full text Add to dashboard Cite

Wireless mesh networks are being considered as the most adequate topology for deployment in the neighborhood area network (NAN) domain in the smart‐grid infrastructure, because its features such as self‐organizing, scalability, and cost‐efficiency complement to the NAN requirements. To provide security functionality to the NAN, the key refreshment strategy of the simultaneous authentication of equals or the efficient mesh security association protocol is an efficient way to make the network more resilient against various cyberattacks. However, it is discovered that when the key refreshment strategy is used, the efficient mesh security association protocol demonstrates a security vulnerability, leading to denial of service attacks. In this paper, a simple hash‐based encryption scheme is proposed to prevent the unprotected messages from being replayed by the adversary with an enhancement to the key refreshment scheme to improve the resilience of the mesh key holder security handshake. The Protocol Composition Logic is used to describe the logical correctness of the proposed scheme, while the Process Analysis Toolkit is used to formally verify the security functionality against the malicious attacks. The efficiency analysis and the simulation results prove that the proposed scheme is reliable and efficient. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

A derivation system and compositional logic for security protocols

Cited by 113 publications

References 57 publications

Analysis of EAP-GPSK Authentication Protocol

Analysis of EAP-GPSK Authentication Protocol

Formal Proofs of Cryptographic Security of Diffie-Hellman-Based Protocols

Security enhancement for dynamic key refreshment in neighborhood area network of smart grid

Contact Info

Product

Resources

About