Is cryptyc able to detect insider attacks?

Authors:
Behnam Sattarzadeh;Mehran S. Fallah
Affiliations:
Department of Computer Engineering and Information Technology, Amirkabir University of Technology (Tehran Polytechnic), Tehran, Iran;Department of Computer Engineering and Information Technology, Amirkabir University of Technology (Tehran Polytechnic), Tehran, Iran,School of Mathematics, Institute for Research in Fundamental Sc ...
Venue:
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Year:
2011

Citing 13
Cited 0

An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
A calculus for cryptographic protocols

Information and Computation
Secrecy by typing in security protocols

Journal of the ACM (JACM)
Using encryption for authentication in large networks of computers

Communications of the ACM
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Hierarchy of Authentication Specifications

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
How to prevent type flaw attacks on security protocols

Journal of Computer Security - CSFW13
A Semantic Model for Authentication Protocols

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Authenticity by typing for security protocols

Journal of Computer Security - Special issue on CSFW14
Pattern-matching spi-calculus

Information and Computation
Types and effects for asymmetric cryptographic protocols

Journal of Computer Security - Special issue on CSFW15
Typing one-to-one and one-to-many correspondences in security protocols

ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
On the security of public key protocols

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of type checking for analyzing security protocols has been recognized for several years. A state-of-the-art type checker based on such an idea is Cryptyc. It has been proven that if an authentication protocol is well-typed in Cryptyc, it provides authenticity in any environment containing external adversaries. The type system implemented by Cryptyc, however, is such that one may hope to be able to detect insider attacks as well. The lack of any report of a well-typed protocol being vulnerable to insider attacks has strengthened such a conjecture. This has been an open question from the last version of Cryptyc. In this paper, we show that the answer to this question is "No". More precisely, we first introduce a public-key authentication protocol which is vulnerable to a man-in-the-middle attack mounted by a legitimate principal. Then, it is shown that this protocol is typable in Cryptyc. We also make slight changes in Cryptyc so that it can trap the protocols being vulnerable to this kind of insider attacks. The new type system is sound.