Abstract
We present a formal analysis of the dynamic domain establishment protocol in the Cloud logging service. The protocol is used to establish a trust channel between the log as a service client agent (LCA) and the log as a service server agent (LSA). Formal specification and verification have been carried out using the specification language HLPSL and AVISPA, a state-of-the-art verification tool for security protocols. AVISPA has revealed two main security flaws, one of which (previously unheard of, up to our knowledge) allows an intruder to impersonate the LCA to join the dynamic domain, and may launch a denial-of-service attack. To address this problem, we propose to use explicit identity information in one’s signature. The other one is the information leakage problem, to solve this problem we propose a modification of the protocol by adding a key update protocol. After these modifications, this protocol has been verified with AVISPA to be safe from these two attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Armbrust, M., Fox, A., Joseph, A.D., Katz, R., et al.: A view of Cloud computing. Communications of the ACM 53(4), 50–58 (2010)
Huh, J.H., Martin, A.: Trusted logging for grid computing. In: Third Asia-Pacific Trusted Infrastructure Technologies Conference, pp. 30–42. IEEE Computer Society (2008)
Abbadi, I.M., Alawneh, M.: A framework for establishing trust in the Cloud. Computers and Electrical Engineering 38, 1073–1087 (2012)
Abbadi, I.M., Martin, A.: Trust in Cloud. Information Security Technical Report 16, 108–114 (2011)
Abbadi, I.M.: A framework for establishing trust in Cloud provenance. International Journal of Information Security 12(2), 111–128 (2013)
Abbadi, I.M.: Clouds’ infrastructure taxonomy, properties, and management services. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part IV. CCIS, vol. 193, pp. 406–420. Springer, Heidelberg (2011)
Hussein, M., Seret, D.: A comparative Study of Security Protocols Validation Tools: HERMES vs AVISPA. In: Proceedings of IEEE International Conference on Advanced Communication Technology, ICACT 2006, pp. 497–502. IEEE Computer Society (2006)
Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., et al.: A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. In: Proc. SAPS 2004, pp. 281–285. Austrian Computer Society (2004)
Sun, S.T., Hawkey, K., Beznosov, K.: Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security 31(4), 465–483 (2012)
Parno, B.J.: Trust extension as a mechanism for secure code execution on commodity computers. Thesis for the Ph. D. Degree, School of Electrical and Computer Engineering Carnegie Mellon University, pp. 62–70 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hu, W., Ji, D. (2013). Formal Analysis of Dynamic Domain Establishment Protocol in Cloud Logging Service. In: Vieira, M., Cunha, J.C. (eds) Dependable Computing. EWDC 2013. Lecture Notes in Computer Science, vol 7869. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38789-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-38789-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38788-3
Online ISBN: 978-3-642-38789-0
eBook Packages: Computer ScienceComputer Science (R0)