Multi-Attacker Protocol Validation

Journal of Automated Reasoning

Abstract

Security protocols have been analysed focusing on a variety of properties to withstand the Dolev-Yao attacker. The Multi-Attacker threat model allows each protocol participant to behave maliciously, intercepting and forging messages. Each principal may then behave as a Dolev-Yao attacker while neither colluding nor sharing knowledge with anyone else. This feature rules out the applicability of existing equivalence results in the Dolev-Yao model. The analysis of security protocols under the Multi-Attacker threat model brings forward yet more insights, such as retaliation attacks and anticipation attacks, which formalise currently realistic scenarios of principals competing with each other for personal profit. They are variously demonstrated on a classical protocol, Needham-Schroeder’s, and on a modern deployed protocol, Google’s SAML-based single sign-on protocol. The general threat model for security protocols based on set-rewriting that was adopted in AVISPA (Armando et al. 2005) is extended to formalise the Multi-Attacker. The state-of-the-art model checker SATMC (Armando and Compagna, Int J Inf Secur 6(1):3–32, 2007) is then used to automatically validate the protocols under the new threats, so that retaliation and anticipation attacks can automatically be found. The tool support scales up to the Multi-Attacker threat model at a reasonable price both in terms of human interaction effort and of computational time.

References

  1. Abadi, M., Gordon, A.: A calculus for cryptographic protocols: the spi calculus. Inf. Comput. 148(1), 1–70 (1999)

  2. Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). In: Proc. of the International Conference IFIP on Theoretical Computer Science (TCS’00), pp. 3–22. Springer, Heidelberg (2000)

  3. Aiyer, A.S., Alvisi, L., Clement, A., Dahlin, M., Martin, J.-P., Porth, C.: Bar fault tolerance for cooperative services. ACM SIGOPS Oper. Syst. Rev. 39(5), 45–58 (2005)

  4. Anderson, R.: Why cryptosystems fail. In: CCS93, pp. 217–227. ACMP (1993)

  5. Armando, A., Basin, D.A., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P.H., Héam, P.-C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV. Lecture Notes in Computer Science, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)

  6. Armando, A., Carbone, R., Compagna, L.: LTL model checking for security protocols. In: Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF20), 6–8 July 2007, Venice, Italy. LNCS. Springer, Heidelberg (2007)

  7. Armando, A., Carbone, R., Compagna, L., Cuellar, J., Abad, L.T.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008). ACM, New York (2008)

  8. Armando, A., Compagna, L.: SATMC: a SAT-based model checker for security protocols. In: Proceedings of the 9th European Conference on Logics in Artificial Intelligence (JELIA’04). LNAI, vol. 3229, pp. 730–733, Lisbon, Portugal. Springer, Heidelberg (2004)

  9. Armando, A., Compagna, L.: SAT-based model-checking for security protocols analysis. Int. J. Inf. Secur. 6(1), 3–32 (2007)

  10. Arsac, W., Bella, G., Chantry, X., Compagna, L.: Attacking each other. In: Proc. of the 17th International Workshop on Security Protocols (CIWSP’09). Springer, Heidelberg (2009)

  11. Arsac, W., Bella, G., Chantry, X., Compagna, L.: Validating security protocols under the general attacker. In: Proc. of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS’09). Springer, Heidelberg (2009)

  12. AVISPA: AVISPA Library of security protocols. http://www.avispa-project.org/library/index.html

  13. Backes, M., Pfitzmann, B.: Relating symbolic and cryptographic secrecy. In: IEEE Symposium on Security and Privacy (2005)

  14. Bella, G.: Formal Correctness of Security Protocols. Information Security and Cryptography. Springer (2007)

  15. Bella, G.: The rational attacker. http://www.dmi.unict.it/~giamp/Seminars/rationalattackerSAP08.pdf. Invited talk at SAP Research France, Sophia Antipolis (2008)

  16. Bella, G.: What is correctness of security protocols? Springer J. Univers. Comput. Sci. 14(12), 2083–2107 (2008)

  17. Bella, G., Bistarelli, S.: Confidentiality levels and deliberate/indeliberate protocol attacks. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Proc. of the 10th Security Protocols Workshop (SPW’02). LNCS 2845, pp. 104–119. SV (2004)

  18. Bella, G., Bistarelli, S., Massacci, F.: Retaliation: can we live with flaws? In: Essaidi, M., Thomas, J. (eds.) Proc. of the Nato Advanced Research Workshop on Information Security Assurance and Security. Nato Through Science, vol. 6, pp. 3–14. IOS, Amsterdam (2006). http://www.iospress.nl/loadtop/load.php?isbn=9781586036782

  19. Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: Proceedings 27th Annual Symposium on the Theory of Computing, pp. 57–66. ACM (1995)

  20. Blanchet, B.: Automatic verification of cryptographic protocols: a logic programming approach. In: Proceedings of the 5th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming, 27–29 August 2003, pp. 1–3. Uppsala, Sweden (2003)

  21. Buttyán, L., Hubaux, J.-P., Čapkun, S.: A formal model of rational exchange and its application to the analysis of Syverson’s protocol. J. Comput. Secur. 12(3,4), 551–587 (2004)

  22. Caleiro, C., Viganò, L., Basin, D.: Metareasoning about security protocols using distributed temporal logic. In: Electronic Notes in Theoretical Computer Science (Proceedings of the Workshop on Automated Reasoning for Security Protocol Analysis, ARSPA 2004), vol. 125(1), pp. 67–89. http://www.sciencedirect.com (2005)

  23. Caleiro, C., Viganò, L., Basin, D.: Relating strand spaces and distributed temporal logic for security protocol analysis. Log. J. IGPL 13(6), 637–663 (2005)

  24. Compagna, L.: SAT-based model-checking of security protocols. Phd, Università degli Studi di Genova, Italy, and University of Edinburgh, Scotland (2005). Available at www.ai-lab.it/compa/PhD-Thesis/main.ps

  25. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 350–357 (1981)

  26. Fábrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7, 191–230 (1999)

  27. Gollmann, D.: On the verification of cryptographic protocols—a tale of two committees. In: Proc. of the Workshop on Secure Architectures and Information Flow, ENTCS 32. Elsevier Science (2000)

  28. Jacquemard, F., Rusinowitch, M., Vigneron, L.: Compiling and verifying security protocols. In: Parigot, M., Voronkov, A. (eds.) Proceedings of LPAR 2000. LNCS 1955, pp. 131–160. Springer, Heidelberg (2000)

  29. Kremer, S., Raskin, J.-F.: Game analysis of abuse-free contract signing. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop (CSFW’02), pp. 206–230. IEEE, New York (2002)

  30. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) Proceedings of TACAS’96. LNCS 1055, pp. 147–166. Springer, Heidelberg (1996)

  31. Lowe, G.: Towards a completeness result for model checking of security protocols. J. Comput. Secur. 7(2–3), 89–146 (1999)

  32. Maurer, U.M., Schmid, P.E.: A calculus for security bootstrapping in distributed systems. J. Comput. Secur. 4(1), 55–80 (1996)

  33. Needham, R.M.: Keynote address: the changing environment. In: Christianson, B., Crispo, B., Malcolm, J.A., Michael, R. (eds.) Proc. of the 7th Security Protocols Workshop (SPW’99). LNCS 1796, pp. 1–5. Springer, Heidelberg (2000)

  34. Neuman, B.C., Ts’o, T.: Kerberos: an authentication service for computer networks, from IEEE communications magazine, september (1994). In: Stallings, W. (ed.) Practical Cryptography for Data Internetworks. IEEE, New York (1996)

  35. OASIS. Security assertion markup language (SAML) v2.0. Available at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security (2005)

  36. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6, 85–128 (1998)

  37. Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theor. Comput. Sci. 299, 451–475 (2003). http://www.loria.fr/~rusi/pub/tcsprotocol.ps.gz

  38. Ryan, P.Y.A., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, A.W.: Modelling and Analysis of Security Protocols. AW (2001)

Author information

Corresponding author

Correspondence to Giampaolo Bella.

Additional information

This work was partially supported by the FP7-ICT-2007-1 Project no. 216471, “AVANTSSAR: Automated Validation of Trust and Security of Service-oriented Architectures” (www.avantssar.eu).

About this article

Cite this article

Arsac, W., Bella, G., Chantry, X. et al. Multi-Attacker Protocol Validation. J Autom Reasoning 46, 353–388 (2011). https://doi.org/10.1007/s10817-010-9185-y

  • DOI: https://doi.org/10.1007/s10817-010-9185-y
