Formal verification of a type flaw attack on a security protocol using object-z

Authors:
Benjamin W. Long
Affiliations:
School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, Qld, Australia
Venue:
ZB'05 Proceedings of the 4th international conference on Formal Specification and Development in Z and B
Year:
2005

Citing 11
Cited 2

Authentication revisited

ACM SIGOPS Operating Systems Review
Timestamps in key distribution protocols

Communications of the ACM
Using encryption for authentication in large networks of computers

Communications of the ACM
Automated protocol verification in linear logic

Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
Computer Networks

Computer Networks
Evaluating and Improving Protocol Analysis by Automatic Proof

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Analyzing the energy consumption of security protocols

Proceedings of the 2003 international symposium on Low power electronics and design
Generating Formal Cryptographic Protocol Specifications

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Formal Verification of Type Flaw Attacks in Security Protocols

APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
The modelling and analysis of security protocols: the csp approach

The modelling and analysis of security protocols: the csp approach

Cross-layer verification of type flaw attacks on security protocols

ACSC '07 Proceedings of the thirtieth Australasian conference on Computer science - Volume 62
A Formal Analysis of Complex Type Flaw Attacks on Security Protocols

AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We have identified a type flaw attack on the Amended Needham Schroeder Protocol with Conventional Keys due to a potential oversight at the presentation layer of the network architecture. Using Object-Z, a formal specification of the protocol is presented allowing us to state the assumed properties of the presentation layer explicitly. Object-Z's schema calculus is used to verify the attack we have found and the weaknesses upon which the attack depends, thus enabling us to minimise the effort required to prevent the attack and to specify this as part of the model accordingly.