ACM SIGOPS Operating Systems Review
Timestamps in key distribution protocols
Communications of the ACM
Using encryption for authentication in large networks of computers
Communications of the ACM
Automated protocol verification in linear logic
Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
Computer Networks
Evaluating and Improving Protocol Analysis by Automatic Proof
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Analyzing the energy consumption of security protocols
Proceedings of the 2003 international symposium on Low power electronics and design
Generating Formal Cryptographic Protocol Specifications
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Formal Verification of Type Flaw Attacks in Security Protocols
APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Cross-layer verification of type flaw attacks on security protocols
ACSC '07 Proceedings of the thirtieth Australasian conference on Computer science - Volume 62
A Formal Analysis of Complex Type Flaw Attacks on Security Protocols
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Hi-index | 0.00 |
We have identified a type flaw attack on the Amended Needham Schroeder Protocol with Conventional Keys due to a potential oversight at the presentation layer of the network architecture. Using Object-Z, a formal specification of the protocol is presented allowing us to state the assumed properties of the presentation layer explicitly. Object-Z's schema calculus is used to verify the attack we have found and the weaknesses upon which the attack depends, thus enabling us to minimise the effort required to prevent the attack and to specify this as part of the model accordingly.