An attack-finding algorithm for security protocols

This paper proposes an automatic attack construction algorithm in order to find potential attacks on security protocols. It is based on a dynamic strand space model, which enhances the original strand space model by introducing active nodes on strands so as to characterize the dynamic procedure of protocol execution. With exact causal dependency relations between messages considered in the model, this algorithm can avoid state space explosion caused by asynchronous composition. In order to get a finite state space, a new method called strand-added on demand is exploited, which extends a bundle in an incremental manner without requiring explicit configuration of protocol execution parameters. A finer granularity model of term structure is also introduced, in which subterms are divided into check subterms and data subterms. Moreover, data subterms can be further classified based on the compatible data subterm relation to obtain automatically the finite set of valid acceptable terms for an honest principal. In this algorithm, terms core is designed to represent the intruder’s knowledge compactly, and forward search technology is used to simulate attack patterns easily. Using this algorithm, a new attack on the Dolev-Yao protocol can be found, which is even more harmful because the secret is revealed before the session terminates.
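The abstract does not define how the terms core is built, so the following added example (not code from the paper) shows one standard way to keep intruder knowledge compact in a Dolev-Yao style model: saturate by analysis, then keep only the terms that the others cannot rebuild. The term encoding, the function names and the sample trace are assumptions constructed for illustration.

```python
# Added illustration; term encoding and function names are assumptions, not the paper's.
# Atoms are strings; ("pair", a, b); ("enc", body, key); ("pk", X) / ("sk", X).

def inverse(key):
    """Key that opens a ciphertext made with `key` (pk/sk are inverses, else symmetric)."""
    if isinstance(key, tuple) and key[0] in ("pk", "sk"):
        return ("sk" if key[0] == "pk" else "pk", key[1])
    return key

def derivable(term, known):
    """Synthesis: can `term` be built from `known` by pairing and encrypting?"""
    if term in known:
        return True
    if isinstance(term, tuple) and term[0] in ("pair", "enc"):
        return derivable(term[1], known) and derivable(term[2], known)
    return False

def analyse(observed):
    """Analysis: split pairs and open ciphertexts whose inverse key is derivable."""
    known, changed = set(observed), True
    while changed:
        changed = False
        for t in list(known):
            if isinstance(t, tuple) and t[0] == "pair":
                parts = set(t[1:])
            elif isinstance(t, tuple) and t[0] == "enc" and derivable(inverse(t[2]), known):
                parts = {t[1]}
            else:
                continue
            if not parts <= known:
                known |= parts
                changed = True
    return known

def knowledge_core(observed):
    """Drop every analysed term that the remaining terms can rebuild."""
    core = analyse(observed)
    for t in sorted(core, key=repr):  # fixed order keeps the result deterministic
        if derivable(t, core - {t}):
            core.discard(t)
    return core

# Constructed sample: intruder I's initial keys plus three overheard messages.
KEYS = {"I", ("pk", "A"), ("pk", "B"), ("pk", "I"), ("sk", "I")}
TRACE = [
    ("pair", "A", ("enc", ("pair", "Na", "A"), ("pk", "I"))),  # sent to I
    ("enc", "S", "Na"),          # secret S under Na used as a symmetric key
    ("enc", "Nb", ("pk", "B")),  # stays opaque: sk(B) is never learned
]
CORE = knowledge_core(KEYS | set(TRACE))
```

A secrecy check in a forward search then reduces to `derivable(secret, CORE)` after each newly observed message, which lets a verifier flag a leak before the session has terminated.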
