Determining a parallel session attack on a key distribution protocol using a model checker

Authors:
Vladimir Paşca;Anca Jurcuţ;Reiner Dojen;Tom Coffey
Affiliations:
University of Limerick, Limerick, Ireland;University of Limerick, Limerick, Ireland;University of Limerick, Limerick, Ireland;University of Limerick, Limerick, Ireland
Venue:
Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia
Year:
2008

Citing 15
Cited 0

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Two attacks on Neuman-Stubblebine authentication protocols

Information Processing Letters
An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
Casper: a compiler for the analysis of security protocols

Journal of Computer Security
Using state space exploration and a natural deduction style message derivation engine to verify security protocols

PROCOMET '98 Proceedings of the IFIP TC2/WG2.2,2.3 International Conference on Programming Concepts and Methods
Some new attacks upon security protocols

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Protocols for Key Establishment and Authentication

Protocols for Key Establishment and Authentication
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A hybrid authentication protocol for large mobile network

Journal of Systems and Software
Formal verification: an imperative step in the design of security protocols

Computer Networks: The International Journal of Computer and Telecommunications Networking
Cryptanalysis of a hybrid authentication protocol for large mobile networks

Journal of Systems and Software
Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Information Sciences: an International Journal
On the security of public key protocols

SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
The AVISPA tool for the automated validation of internet security protocols and applications

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of security protocols to protect sensitive information is critical. However, flaws in the design of security protocols can make them ineffective. This paper discusses various attacks against security protocols that exploit weaknesses in their design and a key-distribution protocol is analysed using a model checker. The analysis reveals weaknesses in the protocol, which can be exploited in a parallel session attack that allows an attacker to impersonate a legitimate principal. Correction to the protocol are proposed and a formal analysis of the fix is presented. The results of this analysis provide confidence in the correctness and effectiveness of the proposed corrected protocol.