Confidentiality Levels and Deliberate/Indeliberate Protocol Attacks

  • Giampaolo Bella
  • Stefano Bistarelli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2845)


A formal definition of confidentiality is developed using soft (rather than crisp) constraints. The goal is no longer considered as a mere yes/no property as in the existing literature, but gains an extra parameter, the security level. The higher the security level, the stronger the goal. For example, different messages may enjoy different levels of confidentiality, and the same message may enjoy different levels of confidentiality for different principals. On this basis, the notion of indeliberate confidentiality attack can be captured, whereby a principal learns some message not meant for him because of someone else’s tampering. The analysis of Lowe’s attack on the Needham-Schroeder protocol reveals a new weakness.


Security Level Constraint Satisfaction Problem Security Protocol Unary Constraint Soft Constraint 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bella, G., Bistarelli, S.: Protocol Analysis using Soft Constraints. Invited talk at S.R.I. Security group, Menlo Park, USA (February 2001)Google Scholar
  2. 2.
    Bella, G., Bistarelli, S.: Soft Constraints for Security Protocol Analysis: Confidentiality. In: Ramakrishnan, I.V. (ed.) PADL 2001. LNCS, vol. 1990, pp. 108–122. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Bistarelli, S., Fruewirth, T., Marte, M., Rossi, F.: Soft Constraint Propagation and Solving in CHR. In: Proc. ACM Symposium on Applied Computing (SAC), Madrid, Spain. ACM, New York (March 2002)Google Scholar
  4. 4.
    Bistarelli, S., Montanari, U., Rossi, F.: Semiring-based Constraint Solving and Optimization. Journal of the ACM 44(2), 201–236 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Bistarelli, S., Montanari, U., Rossi, F.: Semiring-based Constraint Logic Programming: Syntax and Semantics. ACM Transactions on Programming Languages and System (TOPLAS) 23, 1–29 (2001)CrossRefGoogle Scholar
  6. 6.
    Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A Meta-Notation for Protocol Analysis. In: Proc. CSFW, pp. 55–69 (1999)Google Scholar
  7. 7.
    Denning, D.E.: A Lattice Model of Secure Information Flow. Comm. of ACM 19(5), 236–242 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Dubois, D., Fargier, H., Prade, H.: The Calculus of Fuzzy Restrictions as a Basis for Flexible Constraint Satisfaction. In: Proc. of IEEE International Conference on Fuzzy Systems, pp. 1131–1136. IEEE Press, Los Alamitos (1993)Google Scholar
  9. 9.
    Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of Bounded Security Protocols. In: Heintze, N., Clarke, E. (eds.) Proc. FMSP 1999 (1999)Google Scholar
  10. 10.
    Freuder, E.C., Wallace, R.J.: Partial Constraint Satisfaction. AI Journal (1992)Google Scholar
  11. 11.
    Gray, E.: American national standard t1.523-2001, telecom glossary 2000 (2001), published on the Web at
  12. 12.
    Lowe, G.: An Attack on the Needham-Schroeder Public-Key Authentication Protocol. Information Processing Letters 56(3), 131–133 (1995)zbMATHCrossRefGoogle Scholar
  13. 13.
    Mackworth, A.K.: Consistency in Networks of Relations. Artificial Intelligence 8(1), 99–118 (1977)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Montanari, U.: Networks of Constraints: Fundamental Properties and Applications to Picture Processing. Information Science 7, 95–132 (1971); Also Technical Report, Carnegie Mellon University (1971)CrossRefMathSciNetGoogle Scholar
  15. 15.
    Neuman, B.C., Ts’o, T.: Kerberos: An Authentication Service for Computer Networks, from IEEE Communications Magazine, September, 1994. In: Stallings, W. (ed.) Practical Cryptography for Data Internetworks. IEEE Press, Los Alamitos (1996)Google Scholar
  16. 16.
    Ruttkay, Z.: Fuzzy Constraint Satisfaction. In: Proc. of 3rd IEEE International Conference on Fuzzy Systems, pp. 1263–1268 (1994)Google Scholar
  17. 17.
    Schiex, T.: Possibilistic Constraint Satisfaction Problems, or How to Handle Soft Constraints? In: Proc. of 8th Conference on Uncertainty in AI, pp. 269–275 (1992)Google Scholar
  18. 18.
    Schiex, T., Fargier, H., Verfaille, G.: Valued Constraint Satisfaction Problems: Hard and Easy Problems. In: Proc. of the 14th International Joint Conference on Artificial Intelligence (IJCAI 1995), pp. 631–637. Morgan Kaufmann, San Francisco (1995)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Giampaolo Bella
    • 1
    • 2
  • Stefano Bistarelli
    • 3
  1. 1.Computer LaboratoryUniversity of CambridgeCambridgeUK
  2. 2.Dipartimento di Matematica e InformaticaUniversità di CataniaCataniaItaly
  3. 3.Istituto di Informatica e TelematicaC.N.R.PisaItaly

Personalised recommendations