Establishing and fixing a freshness flaw in a key-distribution and Authentication Protocol

The security of electronic networks and information systems is nowadays seen as a critical issue for the growth of information and communication technologies. Cryptographic protocols are used to provide security services such as confidentiality, message integrity, authentication, certified E-mail and non-repudiation. Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques provide a systematic way of discovering protocol flaws. This paper establishes a freshness flaw in a key-distribution and authentication protocol using an automated logic-based verification engine. The performed verification reveals a freshness flaw in the protocol that allows an intruder to impersonate legitimate principals. The cause of the freshness flaw is discussed and an amended protocol is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.

[1]  C. H. West,et al.  General technique for communications protocol validation , 1978 .

[2]  Carsten Rudolph,et al.  Security Analysis of (Un-) Fair Non-repudiation Protocols , 2002, FASec.

[3]  Reiner Dojen,et al.  The concept of layered proving trees and its application to the automation of security protocol verification , 2005, TSEC.

[4]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Vijay Varadharajan,et al.  A logic for modeling the dynamics of beliefs in cryptographic protocols , 2001, Proceedings 24th Australian Computer Science Conference. ACSC 2001.

[6]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[7]  MARIAN VENTUNEAC,et al.  Automated Verification of Wireless Security Protocols using Layered Proving Trees , .

[8]  Randy Chow,et al.  An efficient and secure authentication protocol using uncertified keys , 1995, OPSR.

[9]  Reiner Dojen,et al.  A Novel Approach to the Automation of Logic-Based Security Protocol Verification , 2004 .

[10]  David L. Dill,et al.  The Murphi Verification System , 1996, CAV.

[11]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[12]  Dawn Xiaodong Song,et al.  Athena: A Novel Approach to Efficient Automatic Security Protocol Analysis , 2001, J. Comput. Secur..

[13]  Reiner Dojen,et al.  Formal verification: an imperative step in the design of security protocols , 2003, Comput. Networks.

[14]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[15]  Somesh Jha,et al.  Verifying security protocols with Brutus , 2000, TSEM.

[16]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[17]  T. Coffey,et al.  Logic for verifying public-key cryptographic protocols , 1997 .

[18]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[19]  Fabio Massacci,et al.  Formal Verification of Cardholder Registration in SET , 2000, ESORICS.

[20]  Reiner Dojen,et al.  On Different Approaches to Establish the Security of Cryptographic Protocols , 2003, Security and Management.

[21]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.