A framework for compositional verification of security protocols
Information and Computation
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Proceedings of the 15th ACM conference on Computer and communications security
Detecting and preventing type flaws at static time
Journal of Computer Security - Security Issues in Concurrency (SecCo'07)
EC-RAC: enriching a capacious RFID attack collection
RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
A typed specification for security protocols
DNCOCO'06 Proceedings of the 5th WSEAS international conference on Data networks, communications and computers
Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
A cross-protocol attack on the TLS protocol
Proceedings of the 2012 ACM conference on Computer and communications security
Intrusion attack tactics for the model checking of e-commerce security guarantees
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Hi-index | 0.00 |
Formal modeling and verification of security protocols typically assumes that a protocol is executed in isolation, without other protocols sharing the network. We investigate the existence of multi-protocol attacks on protocols described in literature. Given two or more protocols, that share key structures and are executed in the same environment, are new attacks possible? Out of 30 protocols from literature, we find that 23 are vulnerable to multi-protocol attacks. We identify two likely attack patterns and sketch a tagging scheme to prevent multi-protocol attacks.