{"title":"Establishing and fixing a freshness flaw in a key-distribution and Authentication Protocol","authors":"R. Dojen, I. Lasc, T. Coffey","doi":"10.1109/ICCP.2008.4648371","DOIUrl":null,"url":null,"abstract":"The security of electronic networks and information systems is nowadays seen as a critical issue for the growth of information and communication technologies. Cryptographic protocols are used to provide security services such as confidentiality, message integrity, authentication, certified E-mail and non-repudiation. Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques provide a systematic way of discovering protocol flaws. This paper establishes a freshness flaw in a key-distribution and authentication protocol using an automated logic-based verification engine. The performed verification reveals a freshness flaw in the protocol that allows an intruder to impersonate legitimate principals. The cause of the freshness flaw is discussed and an amended protocol is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.","PeriodicalId":169031,"journal":{"name":"2008 4th International Conference on Intelligent Computer Communication and Processing","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 4th International Conference on Intelligent Computer Communication and Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCP.2008.4648371","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13
Abstract
The security of electronic networks and information systems is nowadays seen as a critical issue for the growth of information and communication technologies. Cryptographic protocols are used to provide security services such as confidentiality, message integrity, authentication, certified E-mail and non-repudiation. Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques provide a systematic way of discovering protocol flaws. This paper establishes a freshness flaw in a key-distribution and authentication protocol using an automated logic-based verification engine. The performed verification reveals a freshness flaw in the protocol that allows an intruder to impersonate legitimate principals. The cause of the freshness flaw is discussed and an amended protocol is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
