Design of Entrusting Protocols for Software Protection
The paper considers the problem of design and analysis of entrusting protocols used within software protection mechanisms, including the protection mechanisms for Geographical Information Systems (GIS). The main goal of these mechanisms is to protect software against malicious tampering accomplished by potential intruders. The given protocol set is intended for data exchange between the trusted server and the client program being protected as necessary for the entire protection mechanism function. The paper presents the main security requirements for the entrusting protocols and their analysis. The model of the intruder attempting to fulfill attacks on the protocol to compromise it as well as issues connected with protocol implementation are considered. We propose the general technique to design these types of protocols, including formal methods of protocol construction and analysis. Specifically, besides conventional protocol development methods that embrace the search of possible attacks on the protocol (including formal means), consequent protocol correction, and formal verification, the paper considers the methods of automatic synthesis proposing correct-by-construction protocol design.
Keywords:Software protection Security protocol design Remote entrusting Attacks Protocol analysis and verification
Unable to display preview. Download preview PDF.
- 1.Bellare M, Canetti R, and Krawczyk H (1996) Keying hash functions for message authentication, Advances in Cryptology. CRYPTO '96. Lecture Notes in Computer Science, vol 1109, Springer-VerlagGoogle Scholar
- 2.Boichut Y, Heam P-C, Kouchnarenko O (2005) Automatic Verification of Security Protocols Using Approximations, INRIA Research ReportBoichut Y, Heam P-C, Kouchnarenko O (2005) Automatic Verification of Security Protocols Using Approximations, INRIA Research ReportGoogle Scholar
- 3.Ceccato M, Ofek Y, and Tonella P (2008) Remote entrusting by run- time software authentication. SOFSEM 2008 - Conference on Current Trends in Theory and Practice of Computer Science, Tatras, SlovakiaGoogle Scholar
- 4.Cederquist J, Dashti MT (2006) An intruder model for verifying liveness in security protocols. In: Proceedings of the fourth ACM workshop on Formal methods in security, Alexandria, Virginia, USAGoogle Scholar
- 5.Chen H (2007) A Search-Based Framework for Security Protocol Synthesis. The University of York, Department of Computer ScienceGoogle Scholar
- 6.Ellison C, Schneier B (2000) Ten Risks of PKI: What you're not being told about public key infrastructure. J Computer Security Journal 16(1)Google Scholar
- 7.Khan AS, Mukund M, Suresh SP (2005) Generic verification of security protocols. In: Proceedings of SPIN 2005, LNCS, vol 3639Google Scholar
- 8.Lampson B, Abadi M, Burrows M, Wobber E (1992) Authentication in distributed systems: theory and practice. ACM Trans. on Computer Systems 10( 4)Google Scholar
- 9.Plasto D (2004) Automated analysis of industrial scale security protocols. Bond University, Faculty of Information TechnologyGoogle Scholar
- 10.Zhou H, Foley SN (2003) Fast Automatic Synthesis of Security Protocols using Backward Search. In: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering (FMSE'03). Washington, DCGoogle Scholar
- 11.Zhou H, Foley SN (2004) A collaborative approach to autonomic security protocols. In: Proceedings of the 2004 workshop on New Security Paradigms. CanadaGoogle Scholar