Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Authors:
Pieter Ceelen;Sjouke Mauw;Saša Radomirović
Affiliations:
Université du Luxembourg, Faculté des Sciences, de la Technologie et de la Communication, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg;Université du Luxembourg, Faculté des Sciences, de la Technologie et de la Communication, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg;Université du Luxembourg, Faculté des Sciences, de la Technologie et de la Communication, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2008

Citing 14
Cited 1

A nonce-based protocol for multiple authentications

ACM SIGOPS Operating Systems Review
Constraint solving for bounded-process cryptographic protocol analysis

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
The homograph attack

Communications of the ACM - Ontology: different ways of representing the same concept
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
The AVISS Security Protocol Analysis Tool

CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Some new attacks upon security protocols

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
How to prevent type flaw attacks on security protocols

Journal of Computer Security - CSFW13
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Formal Verification of Type Flaw Attacks in Security Protocols

APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Security properties: two agents are sufficient

Science of Computer Programming - Special issue on 12th European symposium on programming (ESOP 2003)
Protocol Composition Logic (PCL)

Electronic Notes in Theoretical Computer Science (ENTCS)
Cross-layer verification of type flaw attacks on security protocols

ACSC '07 Proceedings of the thirtieth Australasian conference on Computer science - Volume 62
Operational semantics of security protocols

SMTT'03 Proceedings of the 2003 international conference on Scenarios: models, Transformations and Tools
The CL-Atse protocol analyser

RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications

Towards the attacker's view of protocol narrations (or, how to compile security protocols)

Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the context of Dolev-Yao style analysis of security protocols, we consider the capability of an intruder to dynamically choose and assign names to agents. This capability has been overlooked in all significant protocol verification frameworks based on formal methods. We identify and classify new type-flaw attacks arising from this capability. Several examples of protocols that are vulnerable to this type of attack are given, including Lowe's modification of KSL. The consequences for automatic verification tools are discussed.