A small bound on the number of sessions for security protocols

2022 IEEE 35th Computer Security Foundations Symposium (CSF) Pub Date : 2022-08-01 DOI:10.1109/CSF54842.2022.9919670

V. Cortier, Antoine Dallon, S. Delaune

{"title":"A small bound on the number of sessions for security protocols","authors":"V. Cortier, Antoine Dallon, S. Delaune","doi":"10.1109/CSF54842.2022.9919670","DOIUrl":null,"url":null,"abstract":"Bounding the number of sessions is a long-standing problem in the context of security protocols. It is well known that even simple properties like secrecy are undecidable when an unbounded number of sessions is considered. Yet, attacks on existing protocols only require a few sessions. In this paper, we propose a sound algorithm that computes a sufficient set of scenarios that need to be considered to detect an attack. Our approach can be applied for both reachability and equivalence properties, for protocols with standard primitives that are type-compliant (unifiable messages have the same type). Moreover, when equivalence properties are considered, else branches are disallowed, and protocols are supposed to be simple (an attacker knows from which role and session a message comes from). Since this class remains undecidable, our algorithm may return an infinite set. However, our experiments show that on most basic protocols of the literature, our algorithm computes a small number of sessions (a dozen). As a consequence, tools for a bounded number of sessions like DeepSec can then be used to conclude that a protocol is secure for an unbounded number of sessions.","PeriodicalId":412553,"journal":{"name":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","volume":"263 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF54842.2022.9919670","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Bounding the number of sessions is a long-standing problem in the context of security protocols. It is well known that even simple properties like secrecy are undecidable when an unbounded number of sessions is considered. Yet, attacks on existing protocols only require a few sessions. In this paper, we propose a sound algorithm that computes a sufficient set of scenarios that need to be considered to detect an attack. Our approach can be applied for both reachability and equivalence properties, for protocols with standard primitives that are type-compliant (unifiable messages have the same type). Moreover, when equivalence properties are considered, else branches are disallowed, and protocols are supposed to be simple (an attacker knows from which role and session a message comes from). Since this class remains undecidable, our algorithm may return an infinite set. However, our experiments show that on most basic protocols of the literature, our algorithm computes a small number of sessions (a dozen). As a consequence, tools for a bounded number of sessions like DeepSec can then be used to conclude that a protocol is secure for an unbounded number of sessions.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

安全协议会话数的小界限

在安全协议上下文中，限制会话数是一个长期存在的问题。众所周知，当考虑无限数量的会话时，即使是像保密性这样简单的属性也是不可确定的。然而，对现有协议的攻击只需要几个会话。在本文中，我们提出了一种可靠的算法，该算法计算了一组需要考虑的场景来检测攻击。我们的方法既适用于可达性，也适用于等价属性，适用于具有类型兼容的标准原语的协议(统一消息具有相同的类型)。此外，当考虑等效属性时，不允许使用else分支，并且协议应该是简单的(攻击者知道消息来自哪个角色和会话)。由于该类仍然是不可判定的，因此我们的算法可能返回一个无限集合。然而，我们的实验表明，在文献中的大多数基本协议上，我们的算法计算少量会话(十几个)。因此，像DeepSec这样的有限会话数量的工具可以用来得出这样的结论:对于无限会话数量的协议是安全的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2022 IEEE 35th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量