Steve Kremer: Analysing the Vulnerability of Protocols to Produce Known-pair and Chosen-text Attacks

Analysing the Vulnerability of Protocols to Produce Known-pair and Chosen-text Attacks

Steve Kremer and Mark D. Ryan. Analysing the Vulnerability of Protocols to Produce Known-pair and Chosen-text Attacks. In Proceedings of the 2nd International Workshop on Security Issues in Coordination Models, Languages and Systems (SecCo'04), pp. 84–107, Electronic Notes in Theoretical Computer Science 128, Elsevier Science Publishers, London, UK, May 2005.
doi:10.1016/j.entcs.2004.11.043

Download

[PDF] [HTML]

Abstract

In this paper we report on an analysis for finding known-pair and chosen-text attacks in protocols. As these attacks are at the level of blocks, we extend the attacker by special capabilities related to block chaining techniques. The analysis is automated using Blanchet's protocol verifier and illustrated on two well-known protocols, the Needham-Schroeder-Lowe public-key protocol as well as the Needham-Schroeder symmetric-key protocol. On the first protocol, we show how the special intruder capabilities related to chaining may compromise the secrecy of nonces and that chosen-ciphertext attacks are possible. We propose two modified versions of the protocol which strengthen its security. We then illustrate known-pair and chosen-plaintext attacks on the second protocol.

BibTeX

@inproceedings{KremerRyan2004,
  abstract =      {In this paper we report on an analysis for finding
                   known-pair and chosen-text attacks in protocols. As
                   these attacks are at the level of blocks, we extend
                   the attacker by special capabilities related to block
                   chaining techniques. The analysis is automated using
                   Blanchet's protocol verifier and illustrated on two
                   well-known protocols, the Needham-Schroeder-Lowe
                   public-key protocol as well as the Needham-Schroeder
                   symmetric-key protocol. On the first protocol, we
                   show how the special intruder capabilities related to
                   chaining may compromise the secrecy of nonces and
                   that chosen-ciphertext attacks are possible. We
                   propose two modified versions of the protocol which
                   strengthen its security. We then illustrate
                   known-pair and chosen-plaintext attacks on the second
                   protocol.},
  address =       {London, UK},
  author =        {Kremer, Steve and Ryan, Mark D.},
  booktitle =     {{P}roceedings of the 2nd {I}nternational {W}orkshop
                   on {S}ecurity {I}ssues in {C}oordination {M}odels,
                   {L}anguages and {S}ystems ({SecCo}'04)},
  DOI =           {10.1016/j.entcs.2004.11.043},
  editor =        {Focardi, Riccardo and Zavattaro, Gianluigi},
  month =         may,
  number =        {5},
  pages =         {84-107},
  publisher =     {Elsevier Science Publishers},
  series =        {Electronic Notes in Theoretical Computer Science},
  title =         {Analysing the Vulnerability of Protocols to Produce
                   Known-pair and Chosen-text Attacks},
  volume =        {128},
  year =          {2005},
  acronym =       {{SecCo}'04},
  nmonth =        {5},
  conf-year =     {2004},
  conf-month =    aug,
  url =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/Kremer-secco04.pdf},
}