Top

Published in:

2014 | OriginalPaper | Chapter

Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)

Authors : Michele Peroli, Luca Viganò, Matteo Zavatteri

Published in: Security Protocols XXII

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on the knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating an interference to an ongoing attack of a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned in strategical points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol in the positive case. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Red Queen’s Race: APT Win-Win Game (Transcript of Discussion)

next chapter Non-collaborative Attackers and How and Where to Defend Vulnerable Security Protocols (Transcript of Discussion)

It is interesting to note how this idea of “living with flaws” is becoming more and more widespread; see, e.g., [9] where runtime monitors are employed to warn users of android applications about “man in the middle” attacks on flawed implementations of SSL. Our approach is also related to signature-based intrusion detection systems, but we leave the detailed study of the relations of our approach with runtime monitors and signature-based intrusion detection systems for future work.

In the following, we focus on one competitor (i.e., one attacker), but it is quite straightforwardly possible to extend our work to multiple competitors.

If an attacker were omniscient and omnipotent (i.e., if he were to control the whole network) then there’d actually be no “space” for another attacker, and thus there’d be no interference. The more “adventurous” reader may want to compare this with the proof of the uniqueness of God by Leibniz, which was based on the arguments started by Anselm of Canterbury and was later further refined by Gödel.

In this paper we only use the inflow-spy and the outflow-spy filters and not the restricted-spy filter used in the previous exploratory works. This is due to the fact that we can certainly know who we want to defend, but we cannot know who the attackers are and we want to have the possibility of intercepting all outgoing/incoming messages which leave/come from/to an agent \(X\).

In [14, 15], we analyzed two protocols: (i) a key transport protocol described as an example in [6], which we thus called the Boyd-Mathuria Example (BME), and (ii) the Shamir-Rivest-Adleman Three-Pass protocol(SRA3P [8]), which has been proposed to transmit data securely on insecure channels, bypassing the difficulties connected to the absence of prior agreements between the agents \(A\) and \(B\) to establish a shared key.

This channel could be a digital or a physical channel, say a text message sent to a mobile (as in some two-factor authentication or e-banking systems), a phone call (as in burglar alarm systems), or even a flag raised (as is done on some beaches to signal the presence of sharks). We do not investigate the features of this channel further but simply assume, as done in all the above three examples of runtime guarding (monitoring) systems, that such a channel actually exists.

We do not make assumptions on the real topology of the network between \(A\) and \(S\) (i.e., there could be more than one channel) but only consider the fact that the communications from \(E\) are received by \(G\).

We deliberately wrote “protocol” instead of “protocols” since, for now, we are not going to consider multi-protocol attacks or protocol composition, e.g., [7, 10, 17]. As future work, we envision a distinguisher able to distinguish between messages belonging to different protocols and thus consider also the attacks that occur when messages from one protocol may be confused with messages from another protocol.

Formally, for the ISO-SC 27 we have: \(f^{-1}(f(N_A,2),2) = f^{-1}(N_A,2) = N_A\) (where \(s = 2\) refers to message \((2)\) in Table 4 or, equivalently, message \((1.2)\) in Table 2).

Armando, A., Arsac, W., Avanesov, T., Barletta, M., Calvi, A., Cappai, A., Carbone, R., Chevalier, Y., Compagna, L., Cuéllar, J., Erzse, G., Frau, S., Minea, M., Mödersheim, S., von Oheimb, D., Pellegrino, G., Ponta, S.E., Rocchetto, M., Rusinowitch, M., Torabi Dashti, M., Turuani, M., Viganò, L.: The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 267–282. Springer, Heidelberg (2012)CrossRef

Basin, D., Caleiro, C., Ramos, J., Viganò, L.: Distributed temporal logic for the analysis of security protocol models. Theor. Comput. Sci. 412(31), 4007–4043 (2011)CrossRefMATH

Bella, G.: A protocol’s life after attacks. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 11–18. Springer, Heidelberg (2005)CrossRef

Bella, G., Bistarelli, S., Massacci, F.: Retaliation against protocol attacks. J. Inf. Assur. Secur. 3, 313–325 (2008)

Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proceedings of CSF’01, pp. 82–96. IEEE CS Press (2001)

Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Information Security and Cryptography. Springer, Heidelberg (2003)CrossRef

Ciobâcǎ, S., Cortier, V.: Protocol composition for arbitrary primitives. In: Proceedings of CSF’10. IEEE CS Press (2010)

Clark, J., Jacob, J.: A survey of authentication protocol literature: Version 1.0 (1997)

Conti, M., Dragoni, N., Gottardo, S.: MITHYS: mind the hand you shake - protecting mobile devices from SSL usage vulnerabilities. In: Accorsi, R., Ranise, S. (eds.) STM 2013. LNCS, vol. 8203, pp. 65–81. Springer, Heidelberg (2013)CrossRef

10.

Cortier, V., Delaune, S.: Safely composing security protocols. Form. Methods Syst. Des. 34(1), 1–36 (2009)CrossRefMATH

11.

Cremers, C.J.F.: The Scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008)CrossRef

12.

Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)MathSciNetCrossRefMATH

13.

Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007/2008/2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2007)CrossRef

14.

Fiazza, M.-C., Peroli, M., Viganò, L.: Attack interference: a path to defending security protocols. In: Obaidat, M.S., Sevillano, J.L., Filipe, J. (eds.) ICETE 2011. CCIS, vol. 314, pp. 296–314. Springer, Heidelberg (2012)CrossRef

15.

Fiazza, M.-C., Peroli, M., Vigano, L.: An environmental paradigm for defending security protocols. In: 2012 International Conference on Collaboration Technologies and Systems (CTS), May 2012, pp. 427–438 (2012)

16.

ISO: ISO-IEC JTC1.27.02.2(20.03.1.2) entity authentication using symmetric techniques. International Organization for Standardization (ISO) (1990)

17.

Mödersheim, S., Viganò, L.: Secure pseudonymous channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 337–354. Springer, Heidelberg (2009)CrossRef

18.

Peroli, M., Viganò, L., Zavatteri, M.: Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version) (2014). http://arxiv.org/abs/1405.6912

19.

Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison Wesley, Reading (2000)

20.

Viganò, L.: Automated security protocol analysis with the AVISPA tool. Electron. Notes Theor. Comput. Sci. 155, 61–86 (2006)CrossRef

Title: Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)
Authors: Michele Peroli
Luca Viganò
Matteo Zavatteri
Publisher: Springer International Publishing
Book: Security Protocols XXII
Print ISBN: 978-3-319-12399-8

Electronic ISBN: 978-3-319-12400-1

Copyright Year: 2014
DOI: https://doi.org/10.1007/978-3-319-12400-1_9

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner