ProVerif Analysis of the ZRTP Protocol

Bresciani, Riccardo; Butterfield, Andrew

doi:10.20533/iji.1742.4712.2010.0033

Cited by 6 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been several studies about security verification of standardized cryptographic protocols with formal methods. ProVerif and CryptoVerif [18] have been used to verify other standardized protocols such as ZRTP [19], SN-MPv3 [20], mutual authentication protocol for GSM [21], LTE [22], OpenID Connect protocol [23], and others. Cremers and Horvat [8] verified 30 key exchange protocols standardized in ISO/IEC 11770-2 [9] and ISO/IEC 11770-3 [10] with automated security verification tool Scyther [11], and found some spoofing attacks.…”

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Noguchi

Hanatani

Yoneyama

2021

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Home Energy Management Systems (HEMS) contain devices of multiple manufacturers. Also, a large number of groups of devices must be managed according to several clustering situations. Hence, since it is necessary to establish a common secret group key among group members, the group key management scheme of IEEE 802.21 is used. However, no security verification result by formal methods is known. In this paper, we give the first formal verification result of secrecy and authenticity of the group key management scheme of IEEE 802.21 against insider and outsider attacks using ProVerif, which is an automatic verification tool for cryptographic protocols. As a result, we clarify that a spoofing attack by an insider and a replay attack by an outsider are found for the basic scheme, but these attacks can be prevented by using the scheme with the digital signature option.

show abstract

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Noguchi

Hanatani

Yoneyama

2021

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…There have been several studies about security verification of standardized cryptographic protocols with formal methods. ProVerif and CryptoVerif [17] have been used to verify other standardized protocols such as ZRTP [18], SNMPv3 [19], mutual authentication protocol for GSM [20], LTE [21], OpenID Connect protocol [22], and others. Cremers and Horvat [7] verified 30 key exchange protocols standardized in ISO/IEC 11770-2 [8] and ISO/IEC 11770-3 [9] with automated security verification tool Scyther [10], and found some spoofing attacks.…”

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 using ProVerif

Noguchi

Hanatani

Yoneyama

2020

Proceedings of the 7th ACM Workshop on ASIA Public-Key Cryptography

View full text Add to dashboard Cite

Home Energy Management Systems (HEMS) contain devices of multiple manufacturers. Also, a large number of groups of devices must be managed according to several clustering situations. Hence, since it is necessary to establish a common secret group key among group members, the group key management scheme of IEEE 802.21 is used. However, no security verification result by formal methods is known. In this paper, we give the first formal verification result of secrecy and authenticity of the group key management scheme of IEEE 802.21 against insider and outsider attacks using ProVerif, which is an automatic verification tool for cryptographic protocols. As a result, we clarify that a spoofing attack by an insider and a reply attack by an outsider are found for the basic scheme, but these attacks can be prevented by using the scheme with the digital signature option. CCS CONCEPTS • Security and privacy → Logic and verification.

show abstract

“…ZRTP has been verified formally by Bresciani et al [4][5][6]. It was shown that it is a secure key agreement protocol under the Dolev-Yao model.…”

Section: Related Workmentioning

confidence: 99%

“…Before its standardization, ZRTP has been formally verified by Bresciani et al [6]. The authors analyzed the protocol with the "correctly verified SAS" assumption.…”

Section: Introductionmentioning

confidence: 99%

Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP

Schürmann

Kabus

Hildermeier

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Voice calls are still one of the most common use cases for smartphones. Often, sensitive personal information but also confidential business information is shared. End-to-end security is required to protect against wiretapping of voice calls. For such real-time communication, the ZRTP key-agreement protocol has been proposed. By verbally comparing a small number of on-screen characters or words, called Short Authentication Strings, the participants can be sure that no one is wiretapping the call. Since 2011, ZRTP is an IETF standard implemented in several VoIP clients. In this paper, we analyzed attacks on real-world VoIP systems, in particular those implementing the ZRTP standard. We evaluate the protocol compliance, error handling, and user interfaces of the most common ZRTP-capable VoIP clients. Our extensive analysis uncovered a critical vulnerability that allows wiretapping even though Short Authentication Strings are compared correctly. We discuss shortcomings in the clients' error handling and design of security indicators potentially leading to insecure connections.

show abstract

ProVerif Analysis of the ZRTP Protocol

Cited by 6 publications

References 8 publications

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Verification of Group Key Management of IEEE 802.21 using ProVerif

Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP

Contact Info

Product

Resources

About