Errors in Attacks on Authentication Protocols

A tool for automated validation of attacks on authentication protocols has been used to find several flaws and ambiguities in the list of attacks described in the well-known report by Clark and Jacob. In this paper the errors are presented and classified. Corrected descriptions are given for the incorrect attacks that can be easily repaired.
