Abstract
The paper analyzes SCEP, the Simple Certificate Enrollment Procedure, a two-way communication protocol to manage the secure emission of digital certificates to network devices. The protocol provides a consistent method of requesting and receiving certificates from different Certification Authorities by offering an open and scalable solution for deploying certificates which can be beneficial to all network devices and IPSEC software solutions. We formally analyze SCEP through a software tool for the automatic analysis of cryptographic protocols able to discover, at a conceptual level, attacks against security procedures. Our method of survey contributes towards a better understanding of the structure and aims of a protocol both for developers, analyzers and final users.
Work partially supported by Microsoft Research Europe (Cambridge); by MIUR project “MEFISTO: Metodi Formali per la Sicurezza ed il Tempo”; by MIUR project “Tecniche e Strumenti Software per l'Analisi della Sicurezza delle Comunicazioni in Applicazioni Telematiche di Interesse Economico e Sociale”; by CNR project “Strumenti,Ambienti edApplicazioni Innovative per la Società dell’Informazione”; by CSP project “SeTAPS: Strumenti e Tecniche per l'Analisi di Protocolli di Sicurezza”.
SCEP is the evolution of specifications developed by Verisign Inc. and Cisco Systems and it is commercially available in both client and CA implementations.
Released on May 15, 2002, it will expire on November 15, 2002. As declared by the same authors, it has to be considered as a “work in progress”.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
M. Abadi and A.D. Gordon. Reasoning about Cryptographic Protocols in the Spi Calculus. In Proc. of CONCUR’97, volume 1243 LNCS, pages 59–73. Springer, 1997.
T. Cichocki and J. Gorski. Formal Support for Fault Modeling and Analysis. In Proc. of SAFECOMP’01, volume 2187 LNCS, pages 190–199. Springer, 2001.
R. Focardi, R. Gorrieri, and F. Martinelli. Non Interference for the Analysis of Cryptographic Protocols. In Proc. of ICALP’00, volume 1853 LNCS, pages 354–372. Springer, 2000.
A. Giani, F. Martinelli, M. Petrocchi, and A. Vaccarelli. A Case Study with PaMoChSA: a Tool for the Automatic Analysis of Cryptographic Protocols. In Proc. of SCI-ISAS’01, volume 5, Orlando, July 2001.
R. Housley, W. Ford, W. Polk, and D. Solo. RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, IETF, 1999. http://www.ietf.org/rfc/rfc2459.txt.
X. Liu, C. Madson, D. McGrew, and A. Nourse. Internet Draft: draft-nourse-scep-06, Cisco Systems, 2002. http://www.vpnc.org/draft-nourse-scep.
G. Lowe and A. W. Roscoe. Using CSP to Detect Errors in the TMN protocol. Software Engineering, 23(10):659–669, 1997.
D. Marchignoli and F. Martinelli. Automatic Verification of Cryptographic Protocols through Compositional Analysis Techniques. In Proc. of TACAS’99, volume 1579 LNCS, 1999.
F. Martinelli. Analysis of Security Protocols as Open Systems. Theoretical Computer Science (to appear). A preliminary version in ICTCS,World Scientific, pages 304–315, 1998.
C. Meadows. Formal Verification of Cryptographic Protocols: a Survey. In ASIACRYPT’94: Advances in Cryptology, volume 917 LNCS, pages 135–150. Springer, 1995.
R. Milner. Communication and Concurrency. Prentice Hall, 1989.
R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Comm. of the ACM, 21(2):120–126, 1978.
F.B. Schneider. Applied Cryptography. J. Wiley & Sons, Inc, 1996.
V. Shmatikov and U. Stern. Efficient Finite State Analysis for Large Security Protocols. In Proc. of CSFW’98, pages 105–116. IEEE Computer Society Press, 1998.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Martinelli, F., Petrocchi, M., Vaccarelli, A. (2002). Automated Analysis of Some Security Mechanisms of SCEP* . In: Chan, A.H., Gligor, V. (eds) Information Security. ISC 2002. Lecture Notes in Computer Science, vol 2433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45811-5_32
Download citation
DOI: https://doi.org/10.1007/3-540-45811-5_32
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44270-7
Online ISBN: 978-3-540-45811-1
eBook Packages: Springer Book Archive