International Conference on Tools and Algorithms for the Construction and Analysis of Systems

TACAS 2007: Tools and Algorithms for the Construction and Analysis of Systems, pp 538–552

Automatic Analysis of the Security of XOR-Based Key Management Schemes


  • Véronique Cortier (1),
  • Gavin Keighren (2) &
  • Graham Steel (2)

Part of the Lecture Notes in Computer Science book series (LNTCS, volume 4424)

Abstract

We describe a new algorithm for analysing security protocols that use XOR, such as key-management APIs. As a case study, we consider the IBM 4758 CCA API, which is widely used in the ATM (cash machine) network. Earlier versions of the CCA API were shown to have serious flaws, and the fixes introduced by IBM in version 2.41 had not previously been formally analysed. We first investigate IBM’s proposals using a model checker for security protocol analysis, uncovering some important issues about their implementation. Having identified configurations we believed to be safe, we describe the formal verification of their security. We first define a new class of protocols, containing in particular all the versions of the CCA API. We then show that secrecy after an unbounded number of sessions is decidable for this class. Implementing the decision procedure requires some improvements, since the procedure is exponential. We describe a change of representation that leads to an implementation able to verify a configuration of the API in a few seconds. As a consequence, we obtain the first security proof of the fixed IBM 4758 CCA API with unbounded sessions.

Keywords

  • Decision Procedure
  • Security Protocol
  • Automate Teller Machine
  • Unbounded Number
  • Security Module

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Author information

Authors and Affiliations

  1. Loria UMR 7503 & CNRS & INRIA Lorraine projet Cassis, France

    Véronique Cortier

  2. School of Informatics, University of Edinburgh, Scotland

    Gavin Keighren & Graham Steel


    Copyright information

    © 2007 Springer Berlin Heidelberg

    About this paper

    Cite this paper

    Cortier, V., Keighren, G., Steel, G. (2007). Automatic Analysis of the Security of XOR-Based Key Management Schemes. In: Grumberg, O., Huth, M. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2007. Lecture Notes in Computer Science, vol 4424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71209-1_42

    • DOI: https://doi.org/10.1007/978-3-540-71209-1_42

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-71208-4

    • Online ISBN: 978-3-540-71209-1

    • eBook Packages: Computer Science, Computer Science (R0)
