Cross-layer verification of type flaw attacks on security protocols

Authors:
Benjamin W. Long;Colin J. Fidge;David A. Carrington
Affiliations:
The University of Queensland, Brisbane, Australia;Queensland University of Technology, Brisbane, Australia;The University of Queensland, Brisbane, Australia
Venue:
ACSC '07 Proceedings of the thirtieth Australasian conference on Computer science - Volume 62
Year:
2007

Citing 10
Cited 4

On a limitation of BAN logic

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Automated protocol verification in linear logic

Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
How to Prevent Type Flaw Attacks on Security Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Analyzing the energy consumption of security protocols

Proceedings of the 2003 international symposium on Low power electronics and design
Roles in Cryptographic Protocols

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Generating Formal Cryptographic Protocol Specifications

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Formal specification and analysis of the group domain of interpretation protocol using NPATRL and the NRL protocol analyzer

Journal of Computer Security - Special issue on ACM conference on computer and communications security, 2001
The modelling and analysis of security protocols: the csp approach

The modelling and analysis of security protocols: the csp approach
The AVISPA tool for the automated validation of internet security protocols and applications

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Formal verification of a type flaw attack on a security protocol using object-z

ZB'05 Proceedings of the 4th international conference on Formal Specification and Development in Z and B

Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Electronic Notes in Theoretical Computer Science (ENTCS)
A Formal Analysis of Complex Type Flaw Attacks on Security Protocols

AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Sender access and data distribution control for inter-domain multicast groups

Computer Networks: The International Journal of Computer and Telecommunications Networking
Deciding recognizability under Dolev-Yao intruder model

ISC'10 Proceedings of the 13th international conference on Information security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security protocols are often specified at the application layer; however, application layer specifications give little detail regarding message data structures at the presentation layer upon which some implementation-dependent attacks rely. In this paper we present an approach to verifying security protocols in which both the application and presentation layers are modelled. Using the Group Domain of Interpretation protocol as an example, our application layer specification of the protocol is used as input to the AVISPA model checking tool for analysis. Two type flaw attacks are found via model checking which are then verified against the corresponding presentation layer specification, thus identifying the minimal requirements to prevent the attacks.