Protocol independence through disjoint encryption

One protocol (called the primary protocol) is independent of other protocols (jointly called the secondary protocol) if the question whether the primary protocol achieves a security goal never depends on whether the secondary protocol is in use. We use multiprotocol strand spaces to prove that two cryptographic protocols are independent if they use encryption in non-overlapping ways. This theorem applies even if the protocols share public key certificates and secret key "tickets". We use the method of Guttman et al. (2000) to study penetrator paths, namely sequences of penetrator actions connecting regular nodes (message transmissions or receptions) in the two protocols. Of special interest are inbound linking paths, which lead from a message transmission in the secondary protocol to a message reception in the primary protocol. We show that bundles can be modified to remove all inbound linking paths, if encryption does not overlap in the two protocols. The resulting bundle does not depend on any activity of the secondary protocol. We illustrate this method using the Neuman-Stubblebine protocol as an example.
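The check below is an added example, not code or definitions from the paper: it approximates "non-overlapping encryption" by comparing the sort-level shapes of the encrypted terms two protocols use, with declared shared tickets exempted. The Neuman-Stubblebine message layouts are the standard textbook presentation (an assumption, not given on this page), and `PART2_TAGGED` is a hypothetical variant constructed for the comparison.

```python
# Added illustration. Terms: ("enc", key, *body) is an encryption, ("cat", *parts)
# a concatenation, and an atom is the string "sort:name".
def enc(key, *body): return ("enc", key) + body
def cat(*parts): return ("cat",) + parts

def shape(t):
    """Erase atom names and keep sorts; atoms of sort 'tag' are constants and stay."""
    if isinstance(t, str):
        return t if t.startswith("tag:") else t.split(":")[0]
    return (t[0],) + tuple(shape(x) for x in t[1:])

def enc_shapes(msgs):
    """Shapes of every encrypted subterm occurring in a list of messages."""
    found = set()
    def walk(t):
        if isinstance(t, str):
            return
        if t[0] == "enc":
            found.add(shape(t))
        for x in t[1:]:
            walk(x)
    for m in msgs:
        walk(m)
    return found

def overlap(primary, secondary, shared=()):
    """Encrypted shapes both protocols use, minus the declared shared tickets."""
    return (enc_shapes(primary) & enc_shapes(secondary)) - {shape(t) for t in shared}

# Constructed input: textbook Neuman-Stubblebine layout (an assumption, not from the page).
TICKET = enc("ltkey:Kbs", "name:A", "skey:Kab", "time:Tb")
PART1 = [  # initial exchange, treated here as the primary protocol
    cat("name:A", "nonce:Na"),
    cat("name:B", enc("ltkey:Kbs", "name:A", "nonce:Na", "time:Tb"), "nonce:Nb"),
    cat(enc("ltkey:Kas", "name:B", "nonce:Na", "skey:Kab", "time:Tb"), TICKET, "nonce:Nb"),
    cat(TICKET, enc("skey:Kab", "nonce:Nb")),
]
PART2 = [  # ticket-based re-authentication, treated as the secondary protocol
    cat("nonce:Na2", TICKET),
    cat("nonce:Nb2", enc("skey:Kab", "nonce:Na2")),
    enc("skey:Kab", "nonce:Nb2"),
]
# Hypothetical variant: a constant tag inside the re-authentication encryptions.
PART2_TAGGED = [
    cat("nonce:Na2", TICKET),
    cat("nonce:Nb2", enc("skey:Kab", "tag:reauth", "nonce:Na2")),
    enc("skey:Kab", "tag:reauth", "nonce:Nb2"),
]
```

`overlap(PART1, PART2, shared=[TICKET])` returns the single shape `("enc", "skey", "nonce")`, a nonce encrypted under the session key that both parts produce, while `overlap(PART1, PART2_TAGGED, shared=[TICKET])` is empty. Shape equality stands in for unifiability only because each atom occurs once per term and sorts are assumed distinguishable by the receiver.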

[1] Somesh Jha, et al. A model checker for authentication protocols, 1997.

[2] F. Javier Thayer Fábrega, et al. Strand spaces: proving security protocols correct, 1999.

[3] Scott D. Stoller. Lower and upper bounds for attacks on authentication protocols, 1999, PODC '99.

[4] T. Dierks, et al. The TLS protocol, 1999.

[5] Simon S. Lam, et al. Verifying authentication protocols: methodology and example, 1993, 1993 International Conference on Network Protocols.

[6] Gavin Lowe, et al. How to prevent type flaw attacks on security protocols, 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[7] Martín Abadi, et al. Prudent engineering practice for cryptographic protocols, 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[8] Gavin Lowe, et al. Casper: a compiler for the analysis of security protocols, 1997, Proceedings 10th Computer Security Foundations Workshop.

[9] Lawrence C. Paulson, et al. Proving properties of security protocols by induction, 1997, Proceedings 10th Computer Security Foundations Workshop.

[10] Dan Harkins, et al. The Internet Key Exchange (IKE), 1998, RFC.

[11] Scott D. Stoller. A Bound on Attacks on Authentication Protocols, 2002, IFIP TCS.

[12] Gavin Lowe, et al. Towards a completeness result for model checking of security protocols, 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[13] Somesh Jha, et al. Using state space exploration and a natural deduction style message derivation engine to verify security protocols, 1998, PROCOMET.

[14] Bruce Schneier, et al. Analysis of the SSL 3.0 protocol, 1996.

[15] Joshua D. Guttman, et al. Authentication tests, 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[16] Catherine A. Meadows, et al. Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer, 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[17] Catherine A. Meadows. Open Issues in Formal Methods for Cryptographic Protocol Analysis, 2001, MMM-ACNS.

[18] B. Clifford Neuman, et al. A note on the use of timestamps as nonces, 1993, OPSR.

[19] Danny Dolev, et al. On the security of public key protocols, 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[20] John A. Clark, et al. A survey of authentication protocol literature: Version 1.0, 1997.

[21] John T. Kohl, et al. The Kerberos Network Authentication Service (V5), 2004.

[22] W. Douglas Maughan, et al. Internet Security Association and Key Management Protocol (ISAKMP), 1998, RFC.

[23] Paul Syverson, et al. Fail-Stop Protocols: An Approach to Designing Secure Protocols (Preprint), 1995.

[24] Joshua D. Guttman, et al. Mixed strand spaces, 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[25] D. Prawitz. Natural Deduction: A Proof-Theoretical Study, 1965.

[26] Gavin Lowe, et al. Safe Simplifying Transformations for Security Protocols, 1999.

[27] Joshua D. Guttman, et al. Strand Spaces: Proving Security Protocols Correct, 1999, J. Comput. Secur.

[28] Dawn Xiaodong Song. Athena: a new efficient automatic checker for security protocol analysis, 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[29] Gavin Lowe, et al. A hierarchy of authentication specifications, 1997, Proceedings 10th Computer Security Foundations Workshop.

[30] Bruce Schneier, et al. Protocol Interactions and the Chosen Protocol Attack, 1997, Security Protocols Workshop.