Formal Verification of Confidentiality in DNSSEC and E-DNSSEC Protocols using pi-calculus and ProVerif

Chetioui, Kaouthar; Orhanou, Ghizlane; Bensaid, Hicham; Cherkaoui, Ilias; Chibi, Youness

doi:10.1016/j.procs.2019.11.015

Cited by 1 publication

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…an infrastructure attacker, but also the first automated verification result for DNSSEC. Chetioui et al [14] investigate (weak) secrecy in E-DNSSEC, a variant of DNSSEC that adds encryption, in ProVerif. Kammuller [31] also cover authentication in a handwritten, but automatically verified proof in Isabelle/HOL.…”

Section: ) Analysis Of Dnssecmentioning

confidence: 99%

On the Soundness of Infrastructure Adversaries

Dax¹,

Künnemann²

2021

Preprint

View full text Add to dashboard Cite

Companies and network operators perform risk assessment to inform policy-making, guide infrastructure investments or to comply with security standards such as ISO 27001. Due to the size and complexity of these networks, risk assessment techniques such as attack graphs or trees describe the attacker with a finite set of rules. This characterization of the attacker can easily miss attack vectors or overstate them, potentially leading to incorrect risk estimation.In this work, we propose the first methodology to justify a rule-based attacker model. Conceptually, we add another layer of abstraction on top of the symbolic model of cryptography, which reasons about protocols and abstracts cryptographic primitives. This new layer reasons about Internet-scale networks and abstracts protocols.We show, in general, how the soundness and completeness of a rule-based model can be ensured by verifying trace properties, linking soundness to safety properties and completeness to liveness properties. We then demonstrate the approach for a recently proposed threat model that quantifies the confidentiality of email communication on the Internet, including DNS, DNSSEC, and SMTP. Using off-the-shelf protocol verification tools, we discover two flaws in their threat model. After fixing them, we show that it provides symbolic soundness.1 For other techniques, consider the study by Wang et al. [55].

show abstract

Section: ) Analysis Of Dnssecmentioning

confidence: 99%