Using Logics to Detect Implementation-Dependent Flaws

Vulnerabilities may be introduced at all stages of cryptographic protocol design. Reasoning about a protocol at a functional level does not unveil flaws which are inherently implementation-dependent. This document uncovers a potential implementation-dependent flaw in a previously published protocol. Formal techniques should be able to analyse protocols with respect to such flaws. The epidemic logic CKT5 is modified and shown to operate at a suficiently detailed level to capture implementation-dependent flaws.

[1]  Martín Abadi,et al.  Rejoinder to Nessett , 1990, OPSR.

[2]  Li Gong,et al.  Logics for cryptographic protocols-virtues and limitations , 1991, Proceedings Computer Security Foundations Workshop IV.

[3]  Colin Boyd,et al.  Towards formal analysis of security protocols , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[4]  Raphael Yahalom Optimality of Asynchronous Two-Party Secure Data-Exchange Protocols , 1993, J. Comput. Secur..

[5]  Paul F. Syverson The use of logic in the analysis of cryptographic protocols , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[6]  Einar Snekkenes Exploring the BAN approach to protocol analysis , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[7]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[8]  Paul F. Syverson Formal semantics for logics of cryptographic protocols , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[9]  Dan M. Nessett,et al.  A critique of the Burrows, Abadi and Needham logic , 1990, OPSR.

[10]  B. Clifford Neuman,et al.  A note on the use of timestamps as nonces , 1993, OPSR.

[11]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[12]  Paul F. Syverson On key distribution protocols for repeated authentication , 1993, OPSR.