Safe Comp 97, pp. 123–137

Cryptographic Protocols over Open Distributed Systems: A Taxonomy of Flaws and related Protocol Analysis Tools

  • S. Gritzalis
  • D. Spinellis

Abstract

When designing and implementing cryptographic protocols one must avoid a number of possible flaws. In this paper we divide possible flaws, based on the flaw pathology and the corresponding attack method, into elementary protocol flaws, password/key guessing flaws, stale message flaws, parallel session flaws, internal protocol flaws, and cryptosystem flaws. We then outline and comment on different attack-construction and inference-based formal methods, protocol analysis tools, and process integration techniques, and on their effectiveness in aiding the cryptographic protocol design process by discovering protocol flaws from the proposed taxonomy.



References

  1. Carlsen U. Cryptographic Protocol Flaws. In: Proceedings of the 1994 IEEE Computer Security Foundations Workshop VII. IEEE Computer Society Press, 1994, pp. 192–200
  2. Carlsen U. Using Logics to Detect Implementation-Dependent Flaws. In: Proceedings of the 9th IEEE Annual Computer Security Applications Conference. IEEE Computer Society Press, 1993, pp. 64–73
  3. Nesset D. A Critique of the BAN Logic. ACM Operating Systems Review 1990; 24(2) 35–38
  4. Burrows M., Abadi M., Needham R. A Logic of Authentication. ACM Transactions on Computer Systems 1990; 8(1) 18–36
  5. CCITT X.509: The Directory - An Authentication Framework. CCITT, 1988
  6. Morris R. Password Security: A Case History. Communications of the ACM 1979; 22(11) 594–597
  7. Klein D. Foiling the Cracker: A Survey of, and Improvements to, Password Security. In: Proceedings of the USENIX Security Workshop II. USENIX Association, 1990, pp. 5–14
  8. Gong L. Attacks in Cryptographic Protocols. In: Proceedings of IEEE INFOCOM '90. IEEE Computer Society Press, 1990
  9. Janson P., Molva R. Security in Open Networks and Distributed Systems. Computer Networks and ISDN Systems 1991; 22(5) 323–346
  10. Ding Y., Horster P. Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 1995; 29(4) 77–86
  11. Tsudik G., Van Herreweghen E. Some Remarks on Protecting Weak Keys and Poorly-Chosen Secrets from Guessing Attacks. In: Proceedings of the 12th IEEE Symposium on Reliable Distributed Systems. IEEE Computer Society Press, 1993, pp. 136–141
  12. Gong L. Optimal Authentication Protocols Resistant to Password Guessing Attacks. In: Proceedings of the 1995 IEEE Computer Security Foundations Workshop VIII. IEEE Computer Society Press, 1995, pp. 24–29
  13. Tardo J., Alagappan K. SPX: Global Authentication Using Public Key Certificates. In: Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, 1991, pp. 23–244
  14. Bellovin S., Merritt M. Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1992, pp. 72–84
  15. Gong L., Lomas M., Needham R., Saltzer J. Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications 1993; 11(5) 648–656
  16. Jobusch D., Oldehoeft A. A Survey of Password Mechanisms: Weaknesses and Potential Improvements. Computers and Security 1989; 8(7) 587–603
  17. Syverson P. A Taxonomy of Replay Attacks. In: Proceedings of the 1994 IEEE Computer Security Foundations Workshop VII. IEEE Computer Society Press, 1994, pp. 187–191
  18. Denning D., Sacco G. Timestamps in Key Distribution Protocols. Communications of the ACM 1981; 24(8) 533–536
  19. Needham R., Schroeder M. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM 1978; 21(12) 993–999
  20. Syverson P. On Key Distribution Protocols for Repeated Authentication. ACM Operating Systems Review 1993; 27(4) 24–30
  21. Neuman B., Stubblebine S. A Note on the Use of Timestamps as Nonces. ACM Operating Systems Review 1993; 27(2) 10–14
  22. Snekkenes E. Roles in Cryptographic Protocols. In: Proceedings of the 1992 IEEE Computer Security Symposium on Security and Privacy. IEEE Computer Society Press, 1992, pp. 105–120
  23. Shamir A., Rivest R., Adleman L. Mental Poker. MIT Laboratory for Computer Science, 1978, Report TM-125: 178–184
  24. Massey J. An Introduction to Contemporary Cryptology. In: Proceedings of the IEEE. IEEE Computer Society Press, 1988, Vol. 76, No. 5, pp. 533–549
  25. Moore J. Protocol Failures in Cryptosystems. In: Proceedings of the IEEE. IEEE Computer Society Press, 1988, Vol. 76, No. 5, pp. 594–602
  26. Kemmerer R., Meadows C., Millen J. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology 1994; 7 79–130
  27. Brackin S. A HOL Extension of GNY for Automatically Analysing Cryptographic Protocols. In: Proceedings of the 1996 IEEE Computer Security Foundations Workshop IX. IEEE Computer Society Press, 1996, pp. 62–76
  28. Dolev D., Yao A. On the Security of Public Key Protocols. IEEE Transactions on Information Theory 1983; 29(2) 198–208
  29. Kemmerer R. Analysing Encryption Protocols Using Formal Verification Techniques. IEEE Journal on Selected Areas in Communications 1989; 7(4) 448–457
  30. Meadows C. Applying Formal Methods to the Analysis of a Key-Management Protocol. Journal of Computer Security 1992; 1 5–35
  31. Millen J. The Interrogator Model. In: Proceedings of the 1995 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1995, pp. 251–260
  32. Sidhu D. Authentication Protocols for Computer Networks. Computer Networks and ISDN Systems 1986; 11 297–310
  33. Varadharajan V. Verification of Network Security Protocols. Computers and Security 1989; 8 693–708
  34. Gong L., Needham R., Yahalom R. Reasoning about Belief in Cryptographic Protocols. In: Proceedings of the 1990 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1990, pp. 234–248
  35. Syverson P., van Oorschot P.C. On Unifying Some Cryptographic Protocol Logics. In: Proceedings of the 1994 IEEE Computer Security Foundations Workshop VII. IEEE Computer Society Press, 1994, pp. 14–29
  36. Gritzalis S. BAN Logic for the Analysis and Verification of Authentication Protocols in Distributed Systems: A Review. In: Proceedings of the 1st Meeting of the IKAROS Human Network for the Safety, Quality, and Reliability in Information and Communication Technologies, 1996 (in Greek)
  37. Kessler V., Wedel G. AUTLOG - An Advanced Logic of Authentication. In: Proceedings of the 1994 IEEE Computer Security Foundations Workshop VII. IEEE Computer Society Press, 1994, pp. 90–99
  38. Syverson P. The Use of Logic in the Analysis of Cryptographic Protocols. In: Proceedings of the 1991 IEEE Computer Security Symposium on Security and Privacy. IEEE Computer Society Press, 1991, pp. 156–170
  39. Roscoe A.W. Modelling and Verifying Key-Exchange Protocols Using CSP and FDR. In: Proceedings of the 1995 IEEE Computer Security Foundations Workshop VIII. IEEE Computer Society Press, 1995, pp. 98–107
  40. Lowe G. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. In: Proceedings of TACAS. Springer-Verlag, 1996, pp. 147–166
  41. Scheid J., Holtsberg S. Ina Jo Specification Language Reference Manual. System Development Group, Unisys Corporation, CA, 1988
  42. Diffie W., Hellman M. New Directions in Cryptography. IEEE Transactions on Information Theory 1976; IT-22(6) 644–654
  43. Tatebayashi M., Matsuzaki N., Newman D. Key Distribution Protocol for Digital Mobile Communications Systems. In: Advances in Cryptology, CRYPTO '89. Springer-Verlag, 1989, pp. 324–333 (Lecture Notes in Computer Science no. 435)
  44. Purdy G., Simmons G., Studier J. A Software Protection Scheme. In: Proceedings of the 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1982, pp. 99–103
  45. Simmons G. How to Selectively Broadcast a Secret. In: Proceedings of the 1985 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1985
  46. Syverson P. Knowledge, Belief and Semantics in the Analysis of Cryptographic Protocols. Journal of Computer Security 1992; 1(3) 317–334
  47. Satyanarayanan M. Integrating Security in a Large Distributed System. ACM Transactions on Computer Systems 1989; 7(3) 247–280
  48. Millen J., Neuman C., Schiller J., Saltzer J. Kerberos Authentication and Authorisation System. Project Athena Technical Plan, Section E.2.1. M.I.T., 1987
  49. Otway D., Rees O. Efficient and Timely Mutual Authentication. ACM Operating Systems Review 1987; 21(1) 8–10
  50. Mao W. An Augmentation of BAN-like Logics. In: Proceedings of the 1995 IEEE Computer Security Foundations Workshop VIII. IEEE Computer Society Press, 1995, pp. 44–56
  51. Bellare M., Garay J., Hauser R., et al. iKP - A Family of Secure Electronic Payment Protocols. In: Proceedings of the First USENIX Workshop on Electronic Commerce. USENIX Association, 1995
  52. Pal G. Verification of the iKP Family of Secure Electronic Payment Protocols. http://web.mit.edu/gnpal/www/ikp/verify_ikp.html, 1996
  53. Brackin S. An Interface Specification Language for Automatically Analysing Cryptographic Protocols. In: Proceedings of the 1997 Symposium on Network and Distributed System Security. IEEE Computer Society Press, 1997, pp. 40–51
  54. Brackin S. Automatic Formal Analyses of Cryptographic Protocols. In: Proceedings of the 19th National Conference on Information Systems Security. IEEE Computer Society Press, 1996
  55. Brackin S. Automatic Formal Analyses of Cryptographic Protocols, updated version of [54], private communication, 1997
  56. Millen J. CAPSL - Common Authentication Protocol Specification Language, work in progress: http://www.mitre.org/research/capsl/, 1997

Copyright information

© Springer-Verlag London Limited 1997

Authors and Affiliations

  • S. Gritzalis: Department of Informatics, University of Athens, Athens, Greece; Department of Informatics, Technological Educational Institute of Athens (T.E.I.), Athens, Greece
  • D. Spinellis: Department of Mathematics, University of the Aegean, Samos, Greece; SENA SA, Greece
