Timed analysis of security protocols

被引:14
作者
Corin, R. [1 ]
Etalle, S. [1 ]
Hartel, P. [1 ]
Mader, A. [1 ]
机构
[1] Univ Twente, Enschede, Netherlands
来源
JOURNAL OF COMPUTER SECURITY | 2007年 / 15卷 / 06期
关键词
Timed automata; security protocols; model checking;
D O I
10.3233/JCS-2007-15603
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol.
引用
收藏
页码:619 / 645
页数:27
相关论文
共 30 条
[1]  
Abadi M, 2003, LECT NOTES COMPUT SC, V2482, P27
[2]   A THEORY OF TIMED AUTOMATA [J].
ALUR, R ;
DILL, DL .
THEORETICAL COMPUTER SCIENCE, 1994, 126 (02) :183-235
[3]  
Amnell Tobias, 2000, MODELING VERIFICATIO, V2067, P99
[4]  
Aura T, 2005, LECT NOTES COMPUT SC, V3574, P481
[5]  
Bella G, 1998, LECT NOTES COMPUT SC, V1485, P361, DOI 10.1007/BFb0055875
[6]  
Bellovin S. M., 1990, Computer Communication Review, V20, P119, DOI 10.1145/381906.381946
[7]   Logic of authentication [J].
Burrows, Michael ;
Abadi, Martin ;
Needham, Roger .
Operating Systems Review (ACM), 1989, 23 (05) :1-13
[8]  
Clark J., 1997, SURVEY AUTHENTICATIO
[9]  
Corin R, 2002, LECT NOTES COMPUT SC, V2477, P326
[10]  
Corin R., 2004, FMSE 2004, P23
123