Deriving the type flaw attacks in the Otway-Rees protocol by rewriting

  • Authors:
  • Monica Nesi;Giustina Nocera

  • Affiliations:
  • Università degli Studi di L'Aquila, Dipartimento di Informatica, L'Aquila, Italy;Università degli Studi di L'Aquila, Dipartimento di Informatica, L'Aquila, Italy

  • Venue:
  • Nordic Journal of Computing - Selected papers of the 17th nordic workshop on programming theory (NWPT'05), October 19-21, 2005
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper presents an approach to formalizing and verifying security protocol specifications based on rewriting techniques. A rewrite system Rp describes the steps of a protocol and the properties under consideration, and a rewrite system RI defines an intruder's ability of decomposing and decrypting messages. The equational theory generated by R = RP∪RI characterizes the recognizability of terms by an intruder, i.e. how an intruder can learn (parts of) messages exchanged among principals communicating over an insecure network. Security properties, such as authentication and secrecy, can be expressed by means of intruder's recognizability, and verifying whether a term is recognized by an intruder reduces to checking whether such a term can be rewritten to a normal form in the intruder's initial knowledge. A rewriting strategy is defined that, given a term t that represents a property to be proved, suitably expands and reduces t using the rules in R to derive whether or not t is recognized by an intruder. The approach is applied on the Otway-Rees symmetric-key protocol by deriving its well-known type flaw attacks.