CVS at Work: A Report on New Failures upon Some Cryptographic Protocols

Authors:
Antonio Durante;Riccardo Focardi;Roberto Gorrieri
Affiliations:
-;-;-
Venue:
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Year:
2001

Citing 14
Cited 1

Authentication for Distributed Systems

Computer
Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Prudent Engineering Practice for Cryptographic Protocols

IEEE Transactions on Software Engineering
The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties

IEEE Transactions on Software Engineering
A compiler for analyzing cryptographic protocols using noninterference

ACM Transactions on Software Engineering and Methodology (TOSEM)
Communication and Concurrency

Communication and Concurrency
Non Interference for the Analysis of Cryptographic Protocols

ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Casper: A Compiler for the Analysis of Security Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Two Facets of Authentication

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Honest Ideals on Strand Spaces

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
CVS: A Compiler for the Analysis of Cryptographic Protocols

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy

Classification of Security Properties (Part I: Information Flow)

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures

Quantified Score

Hi-index	0.00

Visualization

Abstract

CVS is an automatic tool for the verification of cryptographic protocols, we have presented in [9], [10], that uses a noninterference based analysis technique which has been successfully applied to many case-studies, essentially most of those belonging to the Clark & Jacob's library [4]. In this paper we report some new failures we have found. More precisely, we have been able to detect attacks upon two unflawed (to the best of our knowledge) protocols: Woo & Lam public key one-way authentication protocol and ISO public key two-pass parallel mutual authentication protocol; and new failures upon two flawed protocols: Encrypted Key Exchange and Station to Station protocols.