On Preventing Replay Attacks on Security Protocols

Abstract : Replay attacks on security protocols have been discussed for quite some time in the literature. However, the efforts to address these attacks have been largely incomplete, lacking generality and many times in fact, proven unsuccessful. In this paper we address these issues and prove the efficacy of a simple and general scheme in defending a protocol against these attacks. We believe that our work will be particularly useful in security critical applications and to protocol analyzers that are unable to detect some or all of the attacks in this class.

[1]  Catherine A. Meadows,et al.  Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches , 1996, ESORICS.

[2]  Chris J. Mitchell,et al.  Limitations of challenge-response entity authentication , 1989 .

[3]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[4]  Joshua D. Guttman,et al.  Strand Spaces: Proving Security Protocols Correct , 1999, J. Comput. Secur..

[5]  Paul Syverson,et al.  Fail-Stop Protocols: An Approach to Designing Secure Protocols (Preprint) , 1995 .

[6]  Ulf Carlsen,et al.  Cryptographic Protocols Flaws , 1994, CSFW.

[7]  Jim Alves-Foss Multi-Protocol Attacks and the Public Key Infrastructure , 1998 .

[8]  ProtocolsLi GongSRI InternationalComputer Fail-Stop Protocols : An Approach to Designing Secure , 1994 .

[9]  Li Gong,et al.  Variations on the themes of message freshness and replay-or the difficulty in devising formal methods to analyze cryptographic protocols , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[10]  Gavin Lowe,et al.  How to prevent type flaw attacks on security protocols , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[11]  Joshua D. Guttman,et al.  Protocol independence through disjoint encryption , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[12]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[13]  Tuomas Aura,et al.  Strategies against replay attacks , 1997, Proceedings 10th Computer Security Foundations Workshop.

[14]  Catherine A. Meadows Open Issues in Formal Methods for Cryptographic Protocol Analysis , 2001, MMM-ACNS.

[15]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[16]  Paul Syverson,et al.  A Taxonomy of Replay Attacks , 1994 .

[17]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[18]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[19]  Simon S. Lam,et al.  A lesson on authentication protocol design , 1994, OPSR.

[20]  Joshua D. Guttman,et al.  Honest ideals on strand spaces , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[21]  Joshua D. Guttman,et al.  Mixed strand spaces , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[22]  William Allen Simpson,et al.  Photuris: Session-Key Management Protocol , 1999, RFC.