Know Your Enemy: Compromising Adversaries in Protocol Analysis

Q Engineering

ACM Transactions on Information and System Security Pub Date : 2014-11-17 DOI:10.1145/2658996

D. Basin, C. Cremers

{"title":"Know Your Enemy: Compromising Adversaries in Protocol Analysis","authors":"D. Basin, C. Cremers","doi":"10.1145/2658996","DOIUrl":null,"url":null,"abstract":"We present a symbolic framework, based on a modular operational semantics, for formalizing different notions of compromise relevant for the design and analysis of cryptographic protocols. The framework’s rules can be combined to specify different adversary capabilities, capturing different practically-relevant notions of key and state compromise. The resulting adversary models generalize the models currently used in different domains, such as security models for authenticated key exchange. We extend an existing security-protocol analysis tool, Scyther, with our adversary models. This extension systematically supports notions such as weak perfect forward secrecy, key compromise impersonation, and adversaries capable of state-reveal queries. Furthermore, we introduce the concept of a protocol-security hierarchy, which classifies the relative strength of protocols against different adversaries.\n In case studies, we use Scyther to analyse protocols and automatically construct protocol-security hierarchies in the context of our adversary models. Our analysis confirms known results and uncovers new attacks. Additionally, our hierarchies refine and correct relationships between protocols previously reported in the cryptographic literature.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2014-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"40","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2658996","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}

引用次数: 40

Abstract

We present a symbolic framework, based on a modular operational semantics, for formalizing different notions of compromise relevant for the design and analysis of cryptographic protocols. The framework’s rules can be combined to specify different adversary capabilities, capturing different practically-relevant notions of key and state compromise. The resulting adversary models generalize the models currently used in different domains, such as security models for authenticated key exchange. We extend an existing security-protocol analysis tool, Scyther, with our adversary models. This extension systematically supports notions such as weak perfect forward secrecy, key compromise impersonation, and adversaries capable of state-reveal queries. Furthermore, we introduce the concept of a protocol-security hierarchy, which classifies the relative strength of protocols against different adversaries. In case studies, we use Scyther to analyse protocols and automatically construct protocol-security hierarchies in the context of our adversary models. Our analysis confirms known results and uncovers new attacks. Additionally, our hierarchies refine and correct relationships between protocols previously reported in the cryptographic literature.

查看原文本刊更多论文

了解你的敌人:协议分析中的妥协对手

我们提出了一个基于模块化操作语义的符号框架，用于形式化与加密协议的设计和分析相关的不同妥协概念。可以组合框架的规则来指定不同的对手能力，捕获不同的实际相关的密钥和状态妥协概念。生成的对手模型概括了目前在不同领域中使用的模型，例如用于经过身份验证的密钥交换的安全模型。我们用我们的对手模型扩展了现有的安全协议分析工具Scyther。这个扩展系统地支持弱完美前向保密、密钥泄露模拟和能够显示状态查询的对手等概念。此外，我们引入了协议安全层次结构的概念，它对不同对手的协议的相对强度进行了分类。在案例研究中，我们使用Scyther来分析协议，并在对手模型的上下文中自动构建协议安全层次结构。我们的分析证实了已知的结果，并发现了新的攻击。此外，我们的层次结构改进和纠正了密码学文献中先前报道的协议之间的关系。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Information and System Security 工程技术-计算机：信息系统

CiteScore

4.50

自引率

0.00%

发文量

审稿时长

3.3 months

期刊介绍： ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.