Top

Published in:

2018 | OriginalPaper | Chapter

Automated Identification of Desynchronisation Attacks on Shared Secrets

Authors : Sjouke Mauw, Zach Smith, Jorge Toro-Pozo, Rolando Trujillo-Rasua

Published in: Computer Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Key-updating protocols are a class of communication protocol that aim to increase security by having the participants change encryption keys between protocol executions. However, such protocols can be vulnerable to desynchronisation attacks, a denial of service attack in which the agents are tricked into updating their keys improperly, impeding future communication. In this work we introduce a method that can be used to automatically verify (or falsify) resistance to desynchronisation attacks for a range of protocols. This approach is then used to identify previously unreported vulnerabilities in two published RFID grouping protocols.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter POR for Security Protocol Equivalences

next chapter Stateful Protocol Composition

Available only for authorised users

https://github.com/DesynchTamarin/desynch.

Abughazalah, S., Markantonakis, K., Mayes, K.: Two rounds RFID grouping-proof protocol. In: 2016 IEEE International Conference on RFID, RFID 2016, Orlando, FL, USA, 3–5 May 2016, pp. 161–174 (2016)

Avoine, G.: Adversarial model for radio frequency identification. IACR Cryptology ePrint Archive 2005, 49 (2005)

Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSF 2001, pp. 82–96 (2001)

Blanchet, B.: Using Horn clauses for analyzing security protocols. In: Formal Models and Techniques for Analyzing Security Protocols, vol. 5, pp. 86–111 (2011)

Cohn-Gordon, K., Cremers, C., Garratt, L.: On post-compromise security. In: CSF 2016, pp. 164–178. IEEE (2016)

van Deursen, T., Mauw, S., Radomirović, S., Vullers, P.: Secure ownership and ownership transfer in RFID systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 637–654. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_39CrossRef

van Deursen, T., Radomirovic, S.: Attacks on RFID protocols. IACR Cryptology ePrint Archive 2008, 310 (2008)

Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–207 (1983)MathSciNetCrossRef

Dreier, J., Duménil, C., Kremer, S., Sasse, R.: Beyond subterm-convergent equational theories in automated verification of stateful protocols. In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 117–140. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_6CrossRef

10.

Durgin, N.A., Lincoln, P., Mitchell, J.C.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004)CrossRef

11.

Goguen, J.A., Meseguer, J.: Order-sorted algebra I: equational deduction for multiple inheritance, overloading, exceptions and partial operations. Theor. Comput. Sci. 105(2), 217–273 (1992)MathSciNetCrossRef

12.

Juels, A.: “Yoking-proofs” for RFID tags. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), Orlando, FL, USA, 14–17 March 2004, pp. 138–143 (2004)

13.

Jung, S.W., Jung, S.: HRP: A HMAC-based RFID mutual authentication protocol using PUF. In: International Conference on Information Networking (ICOIN), pp. 578–582. IEEE (2013)

14.

Kapoor, G., Piramuthu, S.: Vulnerabilities in some recently proposed RFID ownership transfer protocols. In: First International Conference on Networks and Communications, pp. 354–357. IEEE (2009)

15.

Li, Q.S., Xu, X.L., Chen, Z.: PUF-based RFID ownership transfer protocol in an open environment. In: 15th International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 131–137. IEEE (2014)

16.

Li, T., Wang, G.: Security analysis of two ultra-lightweight RFID authentication protocols. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) SEC 2007. IIFIP, vol. 232, pp. 109–120. Springer, Boston, MA (2007). https://doi.org/10.1007/978-0-387-72367-9_10CrossRef

17.

Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48CrossRef

18.

Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00306-6_5CrossRef

19.

Perrin, T., Marlinspike, M.: The double ratchet algorithm. GitHub Wiki (2016)

20.

Radomirovic, S., Dashti, M.T.: Derailing attacks. In: Security Protocols XXIII - 23rd International Workshop, Cambridge, UK, 31 March- 2 April 2015, Revised Selected Papers, pp. 41–46 (2015)

21.

Saito, J., Sakurai, K.: Grouping proof for RFID tags. In: 19th International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, 28–30 March 2005, pp. 621–624 (2005)

22.

Srivastava, K., Awasthi, A.K., Kaul, S.D., Mittal, R.C.: A hash based mutual RFID tag authentication protocol in telecare medicine information system. J. Med. Syst. 39(1), 153 (2015)CrossRef

23.

Sun, D., Zhong, J.: Cryptanalysis of a hash based mutual RFID tag authentication protocol. Wirel. Pers. Commun. 91(3), 1085–1093 (2016)CrossRef

24.

Sundaresan, S., Doss, R., Piramuthu, S., Zhou, W.: A robust grouping proof protocol for RFID EPC C1G2 tags. IEEE Trans. Inf. Forensics Secur. 9(6), 961–975 (2014)CrossRef

25.

Sundaresan, S., Doss, R., Zhou, W.: Secure ownership transfer in multi-tag/multi-owner passive RFID systems. In: Symposium on Selected Areas in Communications, Globecom 2013, pp. 2891–2896. IEEE (2013)

26.

Sundaresan, S., Doss, R., Zhou, W.: Zero knowledge grouping proof protocol for RFID EPC C1G2 tags. IEEE Trans. Comput. 64(10), 2994–3008 (2015)MathSciNetCrossRef

27.

The Tamarin Team: MS Windows NT Kernel Description (2018). https://tamarin-prover.github.io/manual/tex/tamarin-manual.pdf

Title: Automated Identification of Desynchronisation Attacks on Shared Secrets
Authors: Sjouke Mauw
Zach Smith
Jorge Toro-Pozo
Rolando Trujillo-Rasua
Publisher: Springer International Publishing
Book: Computer Security
Print ISBN: 978-3-319-99072-9

Electronic ISBN: 978-3-319-99073-6

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-99073-6_20

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner