Cryptographic protocol flaws: know your enemy

Carlsen, Ulf

doi:10.1109/csfw.1994.315934

Cited by 42 publications

(27 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks that might exist if there are terms that may be "read" as having more than one form are referred to as type flaw attacks [4]. Some type flaw attacks seem implausible, in the sense that most implementations would not be vulnerable to them, while others are more troublesome.…”

Section: Terms and Encryptionmentioning

confidence: 99%

See 1 more Smart Citation

Strand Spaces: Why is a Security Protocol Correct?

Fabrega¹,

Herzog²,

Gutman³

1998

View full text Add to dashboard Cite

show abstract

Section: Terms and Encryptionmentioning

confidence: 99%

“…Copyright 1998 IEEE. Published in Proceedings, 1998 IEEE Symposium on Security and Privacy, [3][4][5][6] May 1998 in Oakland, California. an ideal cryptosystem. In other cases, characteristics of the cryptosystem and characteristics of the protocol combine to cause protocol failure [16,5,18].…”

Section: Introductionmentioning

confidence: 99%

Strand Spaces: Why is a Security Protocol Correct?

Fabrega¹,

Herzog²,

Gutman³

1998

View full text Add to dashboard Cite

show abstract

“…Figure 3 shows the open-ended base of attack actions that in the current implementation of the MI intruder model are checked for their feasibility. The selected attack actions appear as primitive steps in attacks reported in the related bibliography and have been proposed in published taxonomies [17,18,19] that formalize the observations of intruder misbehaviors, where the intruder redirects messages among protocol participants. In [15], we provided formal definitions of the selected primitive attack actions, as well as bibliographic examples, where these attack actions violate security properties of existing protocols.…”

Section: The MI Intruder Model In Usementioning

confidence: 99%

An intruder model with message inspection for model checking security protocols

Basagiannis

Katsaros

Pombortsis

2010

Computers & Security

View full text Add to dashboard Cite

Model checking security protocols is based on an intruder model that represents the eavesdropping or interception of the exchanged messages, while at the same time performs attack actions against the ongoing protocol session(s). Any attempt to enumerate all messages that can be deduced by the intruder and the possible actions in all protocol steps results in an enormous branching of the model's state space. In current work, we introduce a new intruder model that can be exploited for state space reduction, optionally in combination with known techniques, such as partial order and symmetry reduction. The proposed intruder modeling approach called Message Inspection (MI) is based on enhancing the intruder's knowledge with metadata for the exchanged messages. In a preliminary simulation run, the intruder tags the analyzed messages with protocol-specific values for a set of predefined parameters. This metadata is used to identify possible attack actions, for which it is a priori known that they cannot cause a security violation. The MI algorithm selects attack actions that can be discarded, from an open-ended base of primitive attack actions. Thus, model checking focuses only on attack actions that may disclose a security violation. The most interesting consequence is a non negligible state-space pruning, but at the same time our approach also allows customizing the behavior of the intruder model, in order e.g. to make it appropriate for model checking problems that involve liveness. We provide experimental results obtained with the SPIN model checker, for the Needham Schroeder security protocol.

show abstract

“…or suggesting one should use different encryption systems or add hashings to each message, e.g. [6,3]. Protocol designers are often unwilling to follow these guidelines.…”

Section: Introductionmentioning

confidence: 99%

On the Automated Correction of Protocols with Improper Message Encoding

Hutter¹,

Monroy

2009

Foundations and Applications of Security Analysis

View full text Add to dashboard Cite

Abstract. Security protocols are crucial to achieve trusted computing. However, designing security protocols is not easy and so security protocols are typically faulty and have to be repaired. Continuing previous work we present first steps to automate this repairing process, especially for protocols that are susceptible to type-flaw attacks. To this end, we extend the notion of strand spaces by introducing an implementation layer for messages and extending the capabilities of a penetrator to swap messages that share the same implementation. Based on this framework we are able to track type flaw attacks to incompatibilities between the way messages are implemented and the design of concrete security protocols. Heuristics are given to either change the implementation or the protocol to avoid these situations.

show abstract

Cryptographic protocol flaws: know your enemy

Cited by 42 publications

References 31 publications

Strand Spaces: Why is a Security Protocol Correct?

Strand Spaces: Why is a Security Protocol Correct?

An intruder model with message inspection for model checking security protocols

On the Automated Correction of Protocols with Improper Message Encoding

Contact Info

Product

Resources

About