Abstract
Security protocols have been analysed focusing on a variety of properties to withstand the Dolev-Yao attacker. The Multi-Attacker threat model allows each protocol participant to behave maliciously, intercepting and forging messages. Each principal may then behave as a Dolev-Yao attacker while neither colluding nor sharing knowledge with anyone else. This feature rules out the applicability of existing equivalence results in the Dolev-Yao model. The analysis of security protocols under the Multi-Attacker threat model brings forward yet more insights, such as retaliation attacks and anticipation attacks, which formalise currently realistic scenarios of principals competing with each other for personal profit. They are variously demonstrated on a classical protocol, Needham-Schroeder’s, and on a modern deployed protocol, Google’s SAML-based single sign-on protocol. The general threat model for security protocols based on set-rewriting that was adopted in AVISPA (Armando et al. 2005) is extended to formalise the Multi-Attacker. The state-of-the-art model checker SATMC (Armando and Compagna, Int J Inf Secur 6(1):3–32, 2007) is then used to automatically validate the protocols under the new threats, so that retaliation and anticipation attacks can automatically be found. The tool support scales up to the Multi-Attacker threat model at a reasonable price both in terms of human interaction effort and of computational time.
References
Abadi, M., Gordon, A.: A calculus for cryptographic protocols: the spi calculus. Inf. Comput. 148(1), 1–70 (1999)
Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). In: Proc. of the International Conference IFIP on Theoretical Computer Science (TCS’00), pp. 3–22. Springer, Heidelberg (2000)
Aiyer, A.S., Alvisi, L., Clement, A., Dahlin, M., Martin, J.-P., Porth, C.: Bar fault tolerance for cooperative services. ACM SIGOPS Oper. Syst. Rev. 39(5), 45–58 (2005)
Anderson, R.: Why cryptosystems fail. In: CCS93, pp. 217–227. ACMP (1993)
Armando, A., Basin, D.A., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P.H., Héam, P.-C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV. Lecture Notes in Computer Science, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Armando, A., Carbone, R., Compagna, L.: LTL model checking for security protocols. In: Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF20), 6–8 July 2007, Venice, Italy. LNCS. Springer, Heidelberg (2007)
Armando, A., Carbone, R., Compagna, L., Cuellar, J., Abad, L.T.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008). ACM, New York (2008)
Armando, A., Compagna, L.: SATMC: a SAT-based model checker for security protocols. In: Proceedings of the 9th European Conference on Logics in Artificial Intelligence (JELIA’04). LNAI, vol. 3229, pp. 730–733, Lisbon, Portugal. Springer, Heidelberg (2004)
Armando, A., Compagna, L.: SAT-based model-checking for security protocols analysis. Int. J. Inf. Secur. 6(1), 3–32 (2007)
Arsac, W., Bella, G., Chantry, X., Compagna, L.: Attacking each other. In: Proc. of the 17th International Workshop on Security Protocols (CIWSP’09). Springer, Heidelberg (2009)
Arsac, W., Bella, G., Chantry, X., Compagna, L.: Validating security protocols under the general attacker. In: Proc. of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS’09). Springer, Heidelberg (2009)
AVISPA: AVISPA Library of security protocols. http://www.avispa-project.org/library/index.html
Backes, M., Pfitzmann, B.: Relating symbolic and cryptographic secrecy. In: IEEE Symposium on Security and Privacy (2005)
Bella, G.: Formal Correctness of Security Protocols. Information Security and Cryptography. Springer (2007)
Bella, G.: The rational attacker. http://www.dmi.unict.it/~giamp/Seminars/rationalattackerSAP08.pdf. Invited talk at SAP Research France, Sophia Antipolis (2008)
Bella, G.: What is correctness of security protocols? Springer J. Univers. Comput. Sci. 14(12), 2083–2107 (2008)
Bella, G., Bistarelli, S.: Confidentiality levels and deliberate/indeliberate protocol attacks. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Proc. of the 10th Security Protocols Workshop (SPW’02). LNCS 2845, pp. 104–119. SV (2004)
Bella, G., Bistarelli, S., Massacci, F.: Retaliation: can we live with flaws? In: Essaidi, M., Thomas, J. (eds.) Proc. of the Nato Advanced Research Workshop on Information Security Assurance and Security. Nato Through Science, vol. 6, pp. 3–14. IOS, Amsterdam (2006). http://www.iospress.nl/loadtop/load.php?isbn=9781586036782
Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: Proceedings 27th Annual Symposium on the Theory of Computing, pp. 57–66. ACM (1995)
Blanchet, B.: Automatic verification of cryptographic protocols: a logic programming approach. In: Proceedings of the 5th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming, 27–29 August 2003, pp. 1–3. Uppsala, Sweden (2003)
Buttyán, L., Hubaux, J.-P., Čapkun, S.: A formal model of rational exchange and its application to the analysis of Syverson’s protocol. J. Comput. Secur. 12(3,4), 551–587 (2004)
Caleiro, C., Viganò, L., Basin, D.: Metareasoning about security protocols using distributed temporal logic. In: Electronic Notes in Theoretical Computer Science (Proceedings of the Workshop on Automated Reasoning for Security Protocol Analysis, ARSPA 2004), vol. 125(1), pp. 67–89. http://www.sciencedirect.com (2005)
Caleiro, C., Viganò, L., Basin, D.: Relating strand spaces and distributed temporal logic for security protocol analysis. Log. J. IGPL 13(6), 637–663 (2005)
Compagna, L.: SAT-based model-checking of security protocols. Phd, Università degli Studi di Genova, Italy, and University of Edinburgh, Scotland (2005). Available at www.ai-lab.it/compa/PhD-Thesis/main.ps
Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 350–357 (1981)
Fábrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7, 191–230 (1999)
Gollmann, D.: On the verification of cryptographic protocols—a tale of two committees. In: Proc. of the Workshop on Secure Architectures and Information Flow, ENTCS 32. Elsevier Science (2000)
Jacquemard, F., Rusinowitch, M., Vigneron, L.: Compiling and verifying security protocols. In: Parigot, M., Voronkov, A. (eds.) Proceedings of LPAR 2000. LNCS 1955, pp. 131–160. Springer, Heidelberg (2000)
Kremer, S., Raskin, J.-F.: Game analysis of abuse-free contract signing. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop (CSFW’02), pp. 206–230. IEEE, New York (2002)
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) Proceedings of TACAS’96. LNCS 1055, pp. 147–166. Springer, Heidelberg (1996)
Lowe, G.: Towards a completeness result for model checking of security protocols. J. Comput. Secur. 7(2–3), 89–146 (1999)
Maurer, U.M., Schmid, P.E.: A calculus for security bootstrapping in distributed systems. J. Comput. Secur. 4(1), 55–80 (1996)
Needham, R.M.: Keynote address: the changing environment. In: Christianson, B., Crispo, B., Malcolm, J.A., Michael, R. (eds.) Proc. of the 7th Security Protocols Workshop (SPW’99). LNCS 1796, pp. 1–5. Springer, Heidelberg (2000)
Neuman, B.C., Ts’o, T.: Kerberos: an authentication service for computer networks, from IEEE communications magazine, september (1994). In: Stallings, W. (ed.) Practical Cryptography for Data Internetworks. IEEE, New York (1996)
OASIS. Security assertion markup language (SAML) v2.0. Available at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security (2005)
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6, 85–128 (1998)
Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theor. Comput. Sci. 299, 451–475 (2003). http://www.loria.fr/~rusi/pub/tcsprotocol.ps.gz
Ryan, P.Y.A., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, A.W.: Modelling and Analysis of Security Protocols. AW (2001)
Additional information
This work was partially supported by the FP7-ICT-2007-1 Project no. 216471, “AVANTSSAR: Automated Validation of Trust and Security of Service-oriented Architectures” (www.avantssar.eu).
Cite this article
Arsac, W., Bella, G., Chantry, X. et al. Multi-Attacker Protocol Validation. J Autom Reasoning 46, 353–388 (2011). https://doi.org/10.1007/s10817-010-9185-y
DOI: https://doi.org/10.1007/s10817-010-9185-y