基于短认证字符串的协议形式化验证

2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-08-21 DOI:10.1109/CSF.2017.26

S. Delaune, S. Kremer, Ludovic Robin

{"title":"基于短认证字符串的协议形式化验证","authors":"S. Delaune, S. Kremer, Ludovic Robin","doi":"10.1109/CSF.2017.26","DOIUrl":null,"url":null,"abstract":"Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"111 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Formal Verification of Protocols Based on Short Authenticated Strings\",\"authors\":\"S. Delaune, S. Kremer, Ludovic Robin\",\"doi\":\"10.1109/CSF.2017.26\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.\",\"PeriodicalId\":269696,\"journal\":{\"name\":\"2017 IEEE 30th Computer Security Foundations Symposium (CSF)\",\"volume\":\"111 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-08-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 30th Computer Security Foundations Symposium (CSF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSF.2017.26\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2017.26","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

现代安全协议可能涉及人类，以便在不同设备之间比较或复制短字符串。多因素身份验证协议(如Google 2-factor或3D-secure)是此类协议的典型示例。然而，这样短的字符串可能会受到暴力攻击。在本文中，我们提出了一个符号模型，该模型包括攻击者猜测短字符串的能力，以及当使用弱哈希函数产生短字符串时产生冲突的能力。我们提出了一种新的决策过程来分析依赖于短字符串的协议(有限数量的会话)。该程序已集成在AKISS工具中，并根据ISO/IEC 9798-6:2010标准的协议进行了测试。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Formal Verification of Protocols Based on Short Authenticated Strings

Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量

期刊最新文献

Secure Composition of PKIs with Public Key Protocols Formal Verification of Protocols Based on Short Authenticated Strings Symbolic Verification of Privacy-Type Properties for Security Protocols with XOR Verified Translation Validation of Static Analyses Tight Bounds on Information Leakage from Repeated Independent Runs