Formal verification of type flaw attacks in security protocols

Long, Benjamin W.

doi:10.1109/apsec.2003.1254397

Cited by 5 publications

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These attacks emerge when tags are confused with terms or when parts of a term are confused with another term. The detection of complex type flaws is formalized in [23,24,18,19]. Research in this area focuses on the transitions from abstract message specification into concrete bit strings and vice versa.…”

Section: Related Workmentioning

confidence: 99%

Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Ceelen

Mauw

Radomirović

2008

Electronic Notes in Theoretical Computer Science

View full text Add to dashboard Cite

In the context of Dolev-Yao style analysis of security protocols, we consider the capability of an intruder to dynamically choose and assign names to agents. This capability has been overlooked in all significant protocol verification frameworks based on formal methods. We identify and classify new type-flaw attacks arising from this capability. Several examples of protocols that are vulnerable to this type of attack are given, including Lowe's modification of KSL. The consequences for automatic verification tools are discussed.

show abstract

Section: Related Workmentioning

confidence: 99%

Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Ceelen

Mauw

Radomirović

2008

Electronic Notes in Theoretical Computer Science

View full text Add to dashboard Cite

show abstract

“…Key Management Architecture for Hierarchical Group Protocols has been verified using AVISPA tool in [20]. Also the Cross-Layer Verification of Type Flaw Attacks on Security Protocols was detected as in [21].…”

Section: Protocols Verified By Using Avispamentioning

confidence: 99%

Formal Verification of Payment protocol using AVISPA

Shaikh¹,

Devane²

2010

IJI

View full text Add to dashboard Cite

Emerging e-commerce activity is giving scope for the design of many new protocols, and to gain confidence, these protocol need to be verified for its designed properties. Specifically protocol used in ecommerce transactions needs to be verified for their security properties. Verification of these protocols is done using the formal verification tools. AVISPA is one of the evolving tools used mainly for verifying security properties. A newly designed electronic payment protocol is verified for its correctness and security properties. This paper discusses various formal verification methods and tools. Also it presents the use of AVISPA for verifying the security properties of the newly evolved electronic transaction protocol.

show abstract

Formal Verification of a Type Flaw Attack on a Security Protocol Using Object-Z

Long

2005

ZB 2005: Formal Specification and Development in Z and B

View full text Add to dashboard Cite

Security protocols are often specified at the application layer ; however, application layer specifications give little detail regarding message data structures at the presentation layer upon which some implementation-dependent attacks rely. In this paper we present an approach to verifying security protocols in which both the application and presentation layers are modelled. Using the Group Domain of Interpretation protocol as an example, our application layer specification of the protocol is used as input to the AVISPA model checking tool for analysis. Two type flaw attacks are found via model checking which are then verified against the corresponding presentation layer specification, thus identifying the minimal requirements to prevent the attacks.

show abstract

Formal verification of type flaw attacks in security protocols

Cited by 5 publications

References 22 publications

Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Formal Verification of Payment protocol using AVISPA

Formal Verification of a Type Flaw Attack on a Security Protocol Using Object-Z

Contact Info

Product

Resources

About