An Approach for the Analysis of Security Standards for Authentication in Distributed Systems

In this paper, we present our analysis of the leading standards for authentication in distributed systems and the inference rule used for our analysis. The inference rule here is similar to that used in the finite proof system of [3] and thus, is of the same family. However the rule of [3] can only reveal vulnerabilities of simpler protocols similar to Woo and Lam. Our inference rule proved that Kerberos version 5 remains vulnerable in scenarios of an attacker having reasonable communication and computational power especially in a single broadcast network. This vulnerability can aid a masquerade participating in the protocol. We also prove the possibility of a masquerade attack when an intruder participates in the SAML protocol. Though our inference rule, as part of our pre-emptive protocol tool is still in early stages of development, it has the potential to reveal subtle flaws that may not be detected by inference rules of the same family.

[1]  C. Meadows Extending Formal Cryptographic Protocol Analysis Techniques for Group Protocols and Low-Level Cryptographic Primitives , 2000 .

[2]  Daniel A. Menascé,et al.  A methodology for analyzing the performance of authentication protocols , 2002, TSEC.

[3]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[4]  Nadia Tawbi,et al.  From protocol specifications to flaws and attack scenarios: an automatic and formal algorithm , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[5]  Thomas Groß,et al.  Security analysis of the SAML single sign-on browser/artifact profile , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[6]  Peter Honeyman,et al.  Formal Methods for the Analysis of Authentication Protocols , 1993 .

[7]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[8]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[9]  Taylor Yu The Kerberos Network Authentication Service (Version 5) , 2007 .

[10]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[11]  John Hughes,et al.  Security Assertion Markup Language (SAML) 2.0 Technical Overview , 2004 .

[12]  Li Gong,et al.  Logics for cryptographic protocols-virtues and limitations , 1991, Proceedings Computer Security Foundations Workshop IV.

[13]  Catherine A. Meadows,et al.  Applying Formal Methods to the Analysis of a Key Management Protocol , 1992, J. Comput. Secur..

[14]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[15]  Orhan Gemikonakli,et al.  Analysis of security protocols for authentication in distributed systems , 2005, IADIS AC.

[16]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[17]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[18]  J. Doug Tygar,et al.  A model for secure protocols and their compositions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[19]  Colin Boyd,et al.  Towards formal analysis of security protocols , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.