Timed analysis of security protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham-Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well-known Clark-Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack on an implementation of an existing security protocol.
