Establishing and fixing a freshness flaw in a key-distribution and Authentication Protocol

2008 4th International Conference on Intelligent Computer Communication and Processing Pub Date : 2008-10-10 DOI:10.1109/ICCP.2008.4648371

R. Dojen, I. Lasc, T. Coffey

{"title":"Establishing and fixing a freshness flaw in a key-distribution and Authentication Protocol","authors":"R. Dojen, I. Lasc, T. Coffey","doi":"10.1109/ICCP.2008.4648371","DOIUrl":null,"url":null,"abstract":"The security of electronic networks and information systems is nowadays seen as a critical issue for the growth of information and communication technologies. Cryptographic protocols are used to provide security services such as confidentiality, message integrity, authentication, certified E-mail and non-repudiation. Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques provide a systematic way of discovering protocol flaws. This paper establishes a freshness flaw in a key-distribution and authentication protocol using an automated logic-based verification engine. The performed verification reveals a freshness flaw in the protocol that allows an intruder to impersonate legitimate principals. The cause of the freshness flaw is discussed and an amended protocol is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.","PeriodicalId":169031,"journal":{"name":"2008 4th International Conference on Intelligent Computer Communication and Processing","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 4th International Conference on Intelligent Computer Communication and Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCP.2008.4648371","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

The security of electronic networks and information systems is nowadays seen as a critical issue for the growth of information and communication technologies. Cryptographic protocols are used to provide security services such as confidentiality, message integrity, authentication, certified E-mail and non-repudiation. Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques provide a systematic way of discovering protocol flaws. This paper establishes a freshness flaw in a key-distribution and authentication protocol using an automated logic-based verification engine. The performed verification reveals a freshness flaw in the protocol that allows an intruder to impersonate legitimate principals. The cause of the freshness flaw is discussed and an amended protocol is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.

查看原文本刊更多论文

建立并修复密钥分发和身份验证协议中的新鲜度缺陷

电子网络和信息系统的安全如今被视为信息和通信技术发展的一个关键问题。加密协议用于提供安全服务，如机密性、消息完整性、身份验证、认证电子邮件和不可否认性。传统上，安全协议是使用非正式技术设计和验证的。然而，缺乏正式验证可能导致安全错误未被检测到。形式化验证技术提供了一种发现协议缺陷的系统方法。本文利用基于逻辑的自动验证引擎在密钥分发和认证协议中建立了一个新鲜度缺陷。执行的验证揭示了协议中的新漏洞，该漏洞允许入侵者冒充合法主体。讨论了产生新鲜度缺陷的原因，并提出了改进方案。修订后的协议的正式验证提供了对所提议修改的正确性和有效性的信心。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 4th International Conference on Intelligent Computer Communication and Processing

自引率

0.00%

发文量