Composition of Password-based Protocols

Stéphanie Delaune, Steve Kremer, and Mark D. Ryan. Composition of Password-based Protocols. In Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF'08), pp. 239–251, IEEE Computer Society Press, Pittsburgh, PA, USA, June 2008.
doi:10.1109/CSF.2008.6

Download

[PDF] [HTML] 

Abstract

We investigate the composition of protocols that share a common secret. This situation arises when users employ the same password on different services. More precisely we study whether resistance against guessing attacks composes when the same password is used. We model guessing attacks using a common definition based on static equivalence in a cryptographic process calculus close to the applied pi calculus. We show that resistance against guessing attacks composes in the presence of a passive attacker. However, composition does not preserve resistance against guessing attacks for an active attacker. We therefore propose a simple syntactic criterion under which we show this composition to hold. Finally, we present a protocol transformation that ensures this syntactic criterion and preserves resistance against guessing attacks.

BibTeX

@inproceedings{DKR-csf08,
  abstract =      {We investigate the composition of protocols that
                   share a common secret. This situation arises when
                   users employ the same password on different services.
                   More precisely we study whether resistance against
                   guessing attacks composes when the same password is
                   used. We model guessing attacks using a common
                   definition based on static equivalence in a
                   cryptographic process calculus close to the applied
                   pi calculus. We show that resistance against guessing
                   attacks composes in the presence of a passive
                   attacker. However, composition does not preserve
                   resistance against guessing attacks for an active
                   attacker. We therefore propose a simple syntactic
                   criterion under which we show this composition to
                   hold. Finally, we present a protocol transformation
                   that ensures this syntactic criterion and preserves
                   resistance against guessing attacks.},
  address =       {Pittsburgh, PA, USA},
  author =        {Delaune, St{\'e}phanie and Kremer, Steve and
                   Ryan, Mark D.},
  booktitle =     {{P}roceedings of the 21st {IEEE} {C}omputer
                   {S}ecurity {F}oundations {S}ymposium ({CSF}'08)},
  DOI =           {10.1109/CSF.2008.6},
  month =         jun,
  pages =         {239-251},
  publisher =     {{IEEE} Computer Society Press},
  title =         {Composition of Password-based Protocols},
  year =          {2008},
  acceptrate =    {21/115},
  acronym =       {{CSF}'08},
  nmonth =        {6},
  url =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DKR-csf08.pdf},
}