Understanding the intruder through attacks on cryptographic protocols

The vulnerability and importance of computers, robots, internet etc, demand the employment of exceedingly reliable methods in the design of secure systems. Security protocols are one of the most important design parameters. History has proven security protocols to be vulnerable even after they enjoyed circumspect design and meticulous review by experts. We posit that understanding the subtle issues in security protocols is important when designing a protocol. In particular, understanding a penetrator and the knowledge of different attack strategies that a penetrator can apply are among the most important issues that affect the design of security protocols. We describe the notion of a penetrator and specify his characteristics. Our purpose is to emphasize the design criteria of an authentication protocol through the use of some nice and subtle attacks that existed in the literature in the field of the design of security protocols.

[1]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[3]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[4]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[5]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[6]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[7]  Steve A. Schneider,et al.  Towards automatic verification of authentication protocols on an unbounded network , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[8]  Oded Goldreich,et al.  On the security of multi-party ping-pong protocols , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[9]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[10]  Ernie Cohen TAPS: a first-order verifier for cryptographic protocols , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[11]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[12]  Martín Abadi,et al.  Secrecy by typing in security protocols , 1999, JACM.

[13]  Somesh Jha,et al.  Partial Order Reductions for Security Protocol Verification , 2000, TACAS.

[14]  Catherine A. Meadows,et al.  Applying Formal Methods to the Analysis of a Key Management Protocol , 1992, J. Comput. Secur..

[15]  Catherine A. Meadows,et al.  Formal methods for cryptographic protocol analysis: emerging issues and trends , 2003, IEEE J. Sel. Areas Commun..

[16]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[17]  Gavin Lowe,et al.  Towards a completeness result for model checking of security protocols , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[18]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[19]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[20]  Dawn Xiaodong Song,et al.  Athena: A Novel Approach to Efficient Automatic Security Protocol Analysis , 2001, J. Comput. Secur..

[21]  Lawrence C. Paulson,et al.  Proving security protocols correct , 1999, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158).

[22]  Steve A. Schneider Verifying authentication protocols with CSP , 1997, Proceedings 10th Computer Security Foundations Workshop.

[23]  Dennis Longley,et al.  An automatic search for security flaws in key management schemes , 1992, Comput. Secur..

[24]  Simon S. Lam,et al.  A lesson on authentication protocol design , 1994, OPSR.

[25]  Richard A. Kemmerer Using Formal Methods to Analyze Encryption Protocols , 1989 .

[26]  J. Doug Tygar,et al.  A model for secure protocols and their compositions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[27]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Inf. Control..

[28]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.

[29]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[30]  Stephen H. Brackin Evaluating and improving protocol analysis by automatic proof , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[31]  Joshua D. Guttman,et al.  Strand spaces: why is a security protocol correct? , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[32]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Information and Control.

[33]  John C. Mitchell,et al.  A meta-notation for protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[34]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[35]  Gavin Lowe Towards a Completeness Result for Model Checking of Security Protocols (Extended Abstract) , 1998 .