Abstract
With security standards, as with software, we cannot expect to eliminate all security flaws prior to publication. Protocol standards are often updated because flaws are discovered after deployment. The constraints of the deployments, and the variety of independent stakeholders, mean that different ways to mitigate a flaw may be proposed and debated.
In this paper, we propose a criterion for one mitigation to be at least as good as another from the point of view of security. This criterion is supported by rigorous protocol analysis tools. We also show that the same idea is applicable even when some approaches to mitigating the flaw require cooperation between the protocol and its application-level caller.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Guttman, J.D., Liskov, M.D., Rowe, P.D. (2014). Security Goals and Evolving Standards. In: Chen, L., Mitchell, C. (eds) Security Standardisation Research. SSR 2014. Lecture Notes in Computer Science, vol 8893. Springer, Cham. https://doi.org/10.1007/978-3-319-14054-4_7
DOI: https://doi.org/10.1007/978-3-319-14054-4_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14053-7
Online ISBN: 978-3-319-14054-4
eBook Packages: Computer Science (R0)