Verifying Parameterized Timed Security Protocols

Quantitative timing is often explicitly used in systems for better security, e.g., the credentials for automatic website logon often has limited lifetime. Verifying timing relevant security protocols in these systems is very challenging as timing adds another dimension of complexity compared with the untimed protocol verification. In our previous work, we proposed an approach to check the correctness of the timed authentication in security protocols with fixed timing constraints. However, a more difficult question persists, i.e., given a particular protocol design, whether the protocol has security flaws in its design or it can be configured secure with proper parameter values? In this work, we answer this question by proposing a parameterized verification framework, where the quantitative parameters in the protocols can be intuitively specified as well as automatically analyzed. Given a security protocol, our verification algorithm either produces the secure constraints of the parameters, or constructs an attack that works for any parameter values. The correctness of our algorithm is formally proved. We implement our method into a tool called PTAuth and evaluate it with several security protocols. Using PTAuth, we have successfully found a timing attack in Kerberos V which is unreported before.

[1]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[2]  Andre Scedrov,et al.  Formal analysis of Kerberos 5 , 2006, Theor. Comput. Sci..

[3]  Hugo Krawczyk,et al.  SKEME: a versatile secure key exchange mechanism for Internet , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[4]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[5]  Elaine B. Barker,et al.  SP 800-57. Recommendation for Key Management, Part 1: General (revised) , 2007 .

[6]  Martín Abadi,et al.  Prudent engineering practice for cryptographic protocols , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[7]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[8]  Lawrence C. Paulson,et al.  Kerberos Version 4: Inductive Analysis of the Secrecy Goals , 1998, ESORICS.

[9]  Srdjan Capkun,et al.  Distance enlargement and reduction attacks on ultrasound ranging , 2005, SenSys '05.

[10]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[11]  John C. Mitchell,et al.  A meta-notation for protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[12]  David A. Basin,et al.  The TAMARIN Prover for the Symbolic Analysis of Security Protocols , 2013, CAV.

[13]  Srdjan Capkun,et al.  Secure positioning in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[14]  Taylor Yu The Kerberos Network Authentication Service (Version 5) , 2007 .

[15]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[16]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[17]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[18]  Roberto Bagnara,et al.  Possibly Not Closed Convex Polyhedra and the Parma Polyhedra Library , 2002, SAS.

[19]  Li Li,et al.  TAuth: Verifying Timed Security Protocols , 2014, ICFEM.

[20]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[21]  Gavin Lowe A Family of Attacks upon Authentication Protocols , 1997 .

[22]  William E. Burr,et al.  Recommendation for Key Management, Part 1: General (Revision 3) , 2006 .

[23]  Giorgio Delzanno,et al.  Automatic Verification of Time Sensitive Cryptographic Protocols , 2004, TACAS.

[24]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).