A typed specification for security protocols

Security protocol attacks are known to have various sources, from flawed implementations, to running parallel sessions of the same protocol. Because of this attack diversity, it is quite difficult (or impossible) to create an abstract model that is suitable for analyzing a protocol against all possible attacks. However, if we categorize the attacks based on their characteristics we should be able to create multiple abstract models that simplify the analysis. Therefore, in this paper we identify attacks based on message similarities, that we call "structural attacks", and create an abstract model, based on message component types (session keys, nonces, participants), that is powerful enough to capture the structure of security protocol messages.

[1]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[2]  John A. Clark,et al.  Attacking Authentication Protocols , 1996 .

[3]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[4]  Cjf Cas Cremers Verification of multi-protocol attacks , 2005 .

[5]  Martín Abadi,et al.  Secrecy by typing in security protocols , 1999, JACM.

[6]  B. Clifford Neuman,et al.  A note on the use of timestamps as nonces , 1993, OPSR.

[7]  Mizuhito Ogawa,et al.  Type-directed Trace Analysis of Security Protocols in Process Calculus , 2005 .

[8]  Martín Abadi,et al.  Secrecy Types for Asymmetric Communication , 2001, FoSSaCS.

[9]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[10]  Catherine Meadows Identifying Potential Type Confusion in Authenticated Messages , 2002 .

[11]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[12]  Simon Thompson,et al.  Type theory and functional programming , 1991, International computer science series.

[13]  Iliano Cervesato Typed Multiset Rewriting Specifications of Security Protocols , 2000, Electron. Notes Theor. Comput. Sci..

[14]  Cas J. F. Cremers Feasibility of multi-protocol attacks , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[15]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[16]  G. Hollestelle Systematic Analysis of Attacks on Security Protocols , 2005 .

[17]  Peter Csaba Ölveczky,et al.  Formal Modeling and Analysis of the OGDC Wireless Sensor Network Algorithm in Real-Time Maude , 2007, FMOODS.