Book Chapter

Deriving, Attacking and Defending the GDOI Protocol

TLDR
A derivational reconstruction of GDOI, the protocol proposed in IETF RFC 3547 for authenticated key agreement in group communication over IPsec, is attempted to demonstrate the point of the derivational approach, which tracks and formalizes the way protocols are designed informally: by refining and composing basic protocol components.
Abstract
As a part of a continued effort towards a logical framework for incremental reasoning about security, we attempted a derivational reconstruction of GDOI, the protocol proposed in IETF RFC 3547 for authenticated key agreement in group communication over IPsec. The difficulties encountered in deriving one of its authentication properties led us to derive an attack that had not surfaced in the previous extensive analyses of this protocol. The derivational techniques turned out to be helpful not only for constructing, analyzing and modifying protocols, but also attacks on them. We believe that the presented results demonstrate the point of the derivational approach, which tracks and formalizes the way protocols are designed informally: by refining and composing basic protocol components.


Citations
Journal Article

Protocol Composition Logic (PCL)

TL;DR: PCL supports compositional reasoning about complex security protocols and has been applied to a number of industry standards including SSL/TLS, IEEE 802.11i and Kerberos V5.
Proceedings Article

A modular correctness proof of IEEE 802.11i and TLS

TL;DR: The proof is modular, comprising a separate proof for each protocol section and providing insight into the networking environment in which each section can be reliably used, and holds for a variety of failure recovery strategies and other implementation and configuration options.
Book Chapter

Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks

TL;DR: The first full-scale formal analysis of a distance bounding protocol is given, and it is shown how this analysis helps to reduce message and cryptographic complexity without reducing security.
Proceedings Article

ASPIER: An Automated Framework for Verifying Security Protocol Implementations

TL;DR: The ASPIER tool is implemented and used to verify authentication and secrecy properties of a part of an industrial strength protocol implementation -- the handshake in OpenSSL -- for configurations consisting of up to 3 servers and 3 clients.
Journal Article

Formal analysis of Kerberos 5

TL;DR: This work enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions.
References
Proceedings Article

Universally composable security: a new paradigm for cryptographic protocols

TL;DR: The notion of universally composable security was introduced in this paper for defining security of cryptographic protocols, which guarantees security even when a secure protocol is composed of an arbitrary set of protocols, or more generally when the protocol is used as a component of a system.
Journal Article

A logic of authentication

TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.
Journal Article

Authentication and authenticated key exchanges

TL;DR: A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols.

PPP Extensible Authentication Protocol (EAP)

L. Blunk, +1 more
TL;DR: This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods that typically runs directly over data link layers such as Point-to-Point Protocol (PPP) or IEEE 802, without requiring IP.

The Internet Key Exchange (IKE)

D. Harkins, +1 more
TL;DR: ISAKMP ([MSST98]) provides a framework for authentication and key exchange but does not define them.