Abstract
The theme of this year’s workshop emphasises the widespread use of security protocols in the current epoch. The Web 2.0 for example demands secure transactions for “brief encounters”, that is between principals that share a shortlived goal such as an e-bay purchase.
In this setting, the untouchable Dolev-Yao threat model is inappropriate. It seems more suitable to assume that principals do not share private knowledge and that each of them pursue personal interests without colluding with anyone else. They may attack each other.
This position paper attempts at exceeding Dolev-Yao. It analyses the best-known protocol scenario (which pertains to the Needham-Schroeder-Lowe protocol) under the new threat model, and discusses some novel findings. It shows that current validation methods based on machine-assisted finite-state enumeration scale up to our extended analysis.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellare, M., Rogaway, P.: Provably secure session key distribution– the three party case. In: Proceedings 27th Annual Symposium on the Theory of Computing, pp. 57–66. ACM (1995)
Abadi, M., Rogaway, P.: Reconciling Two Views of Cryptography. In: Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, pp. 3–22. Springer, Heidelberg (2000)
Gollmann, D.: On the verification of cryptographic protocols — a tale of two committees. In: Proc. of the Workshop on Secure Architectures and Information Flow. ENTCS 32, Elsevier Science (2000)
Backes, M., Pfitzmann, B.: Relating symbolic and cryptographic secrecy. In: IEEE Symposium on Security and Privacy (2005)
Bella, G., Bistarelli, S., Massacci, F.: Retaliation: Can we live with flaws? In: Essaidi, M., Thomas, J. (eds.) Proc. of the Nato Advanced Research Workshop on Information Security Assurance and Security. Nato through Science, vol. 6, pp. 3–14. IOS Press (2006), http://www.iospress.nl/loadtop/load.php?isbn=9781586036782
Lowe, G.: Breaking and Fixing the Needham-Shroeder Public-Key Protocol Using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)
Ryan, P.Y.A., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, A.W.: Modelling and Analysis of Security Protocols. AW (2001)
Bella, G.: Formal Correctness of Security Protocols. Information Security and Cryptography. Springer (2007)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. In: Proceedings of the 20th IEEE Computer Security Foundations Symposium, CSF20, Venice, Italy, July 6-8. IEEE Computer Society (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Arsac, W., Bella, G., Chantry, X., Compagna, L. (2013). Attacking Each Other. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds) Security Protocols XVII. Security Protocols 2009. Lecture Notes in Computer Science, vol 7028. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36213-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-36213-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36212-5
Online ISBN: 978-3-642-36213-2
eBook Packages: Computer ScienceComputer Science (R0)