Verifying Authentication Protocols in CSP
IEEE Transactions on Software Engineering
Inter-protocol interleaving attacks on some authentication and key distribution protocols
Information Processing Letters
An approach to the formal verification of the two-party cryptographic protocols
ACM SIGOPS Operating Systems Review
Strand spaces: proving security protocols correct
Journal of Computer Security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Protocol Interactions and the Chosen Protocol Attack
Proceedings of the 5th International Workshop on Security Protocols
Security of Public Key Certificate Based Authentication Protocols
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Intensional specifications of security protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Relating Strands and Multiset Rewriting for Security Protocol Analysis
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
An Executable Specification Language for Planning Attacks to Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Authentication tests based on test type matrix
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Security protocol analysis with improved authentication tests
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Hi-index | 0.00 |
The growing interest in the application of formal methods of cryptographic protocol analysis has led to the development of a number of different ways for analyzing protocol. In this paper, it is strictly proved that if for any strand, there exists at least one bundle containing it, then an entity authentication protocol is secure in strand space model (SSM) with some small extensions. Unfortunately, the results of attack scenario demonstrate that this protocol and the Yahalom protocol and its modification are de facto insecure. By analyzing the reasons of failure of formal inference in strand space model, some deficiencies in original SSM are pointed out. In order to break through these limitations of analytic capability of SSM, the generalized strand space model (GSSM) induced by some protocol is proposed. In this model, some new classes of strands, oracle strands, high order oracle strands etc., are developed, and some notions are formalized strictly in GSSM, such as protocol attacks, valid protocol run and successful protocol run. GSSM can then be used to further analyze the entity authentication protocol. This analysis sheds light on why this protocol would be vulnerable while it illustrates that GSSM not only can prove security protocol correct, but also can be efficiently used to construct protocol attacks. It is also pointed out that using other protocol to attack some given protocol is essentially the same as the case of using the most of protocol itself.