A New Attack on the BAN Modified Andrew Secure RPC Protocol

We have found a new man-in-the-middle attack on the BAN modified Andrew Secure RPC protocol with a model-checker based on SAT. Subsequently, we have reasoned about vulnerability of the protocol and propose a remedial method to improve the protocol. The method, simple and effective, can be helpful to analyze and design other security protocols.

[1]  Mahadev Satyanarayanan,et al.  Integrating security in a large distributed system , 1989, TOCS.

[2]  James W. Gray,et al.  On the Clark-Jacob Version of SPLICE/AS , 1997, Inf. Process. Lett..

[3]  Stephan Merz,et al.  Model Checking , 2000 .

[4]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[5]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[6]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[7]  Dieter Gollmann What do we mean by entity authentication? , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[8]  Chris J. Mitchell,et al.  Fixing a problem in the Helsinki protocol , 1998, OPSR.

[9]  Bart Selman,et al.  Encoding Plans in Propositional Logic , 1996, KR.

[10]  Zhao Dong-ming Formal specification and verification of andrew secure RPC protocol based on strand spaces model , 2007 .

[11]  Hantao Zhang,et al.  SATO: An Efficient Propositional Prover , 1997, CADE.

[12]  Sharad Malik,et al.  Chaff: engineering an efficient SAT solver , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[13]  Pieter H. Hartel,et al.  Timed model checking of security protocols , 2004, FMSE '04.

[14]  J. P. Marques,et al.  GRASP : A Search Algorithm for Propositional Satisfiability , 1999 .

[15]  Yuanyuan Yang,et al.  Improvement of SAT-Based Model Checking of Security Protocols , 2009, 2009 International Conference on E-Business and Information System Security.

[16]  Joshua D. Guttman,et al.  Strand spaces: why is a security protocol correct? , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[17]  Alessandro Armando,et al.  SAT-based Model-Checking of Security Protocols , 2005 .