Identifying Potential Type Confusion in Authenticated Messages

Abstract: A type confusion attack is one in which a principal accepts data of one type as data of another. Although it has been shown by Heather et al. that there are simple formatting conventions that will guarantee that protocols are free from simple type confusions in which fields of one type are substituted for fields of another, it is not clear how well they defend against more complex attacks, or against attacks arising from interaction with protocols that are formatted according to different conventions. In this paper we show how type confusion attacks can arise in realistic situations even when the types are explicitly defined in at least some of the messages, using examples from our recent analysis of the Group Domain of Interpretation Protocol. We then develop a formal model of types that can capture potential ambiguity of type notation, and outline a procedure for determining whether or not the types of two messages can be confused. We also discuss some open issues.

[1] Jim Alves-Foss et al. Provably Insecure Mutual Authentication Protocols: The Two-Party Symmetric-Encryption Case, 1999.

[2] Gavin Lowe et al. How to prevent type flaw attacks on security protocols, 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[3] Brian Weis et al. The Group Domain of Interpretation, 2003, RFC.

[4] W. Douglas Maughan et al. Internet Security Association and Key Management Protocol (ISAKMP), 1998, RFC.

[5] Catherine A. Meadows et al. Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches, 1996, ESORICS.

[6] Bruce Schneier et al. Protocol Interactions and the Chosen Protocol Attack, 1997, Security Protocols Workshop.

[7] E. Snekkenes. Roles in cryptographic protocols, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[8] Dan Harkins et al. The Internet Key Exchange (IKE), 1998, RFC.