
Measuring protocol strength with security goals

  • Special Issue Paper
  • International Journal of Information Security

Abstract

Flaws in published standards for security protocols are found regularly, often after systems implementing those standards have been deployed. Because of deployment constraints and disagreements among stakeholders, different fixes may be proposed and debated. In this process, security improvements must be balanced with issues of functionality and compatibility. This paper provides a family of rigorous metrics for protocol security improvements. These metrics are sets of first-order formulas in a goal language \(\mathcal {GL}(\varPi )\) associated with a protocol \(\varPi \). The semantics of \(\mathcal {GL}(\varPi )\) is compatible with many ways to analyze protocols, and some metrics in this family are supported by many protocol analysis tools. Other metrics are supported by our Cryptographic Protocol Shapes Analyzer cpsa. This family of metrics refines several “hierarchies” of security goals in the literature. Our metrics are applicable even when, to mitigate a flaw, participants must enforce policies that constrain protocol execution. We recommend that protocols submitted to standards groups characterize their goals using formulas in \(\mathcal {GL}(\varPi )\), and that discussions comparing alternative protocol refinements measure their security in these terms.


Notes

  1. We use the terminology of Cremers and Mauw [12] instead of that of [24] because it makes finer distinctions that are useful for our purposes.

References

  1. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: 28th ACM Symposium on Principles of Programming Languages (POPL ’01), pp. 104–115 (January 2001)

  2. Almousa, O., Mödersheim, S.A., Modesti, P., Viganò, L.: Typing and compositionality for security protocols: a generalization to the geometric fragment. In: ESORICS, LNCS Springer, (September 2015)

  3. Basin, D.A., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. J. Comput. Secur. 21(6), 817–846 (2013)

  4. Basin, D.A., Cremers, C.J.F.: Modeling and analyzing security in the presence of compromising adversaries. In: Computer Security–ESORICS, pp. 340–356. Springer, Berlin, Heidelberg (2010)

  5. Basin, D.A., Cremers, C.J.F., Miyazaki, K., Radomirovic, S., Watanabe, D.: Improving the security of cryptographic protocol standards. IEEE Secur. Priv. 13(3), 24–31 (2015)

  6. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Advances in Cryptology–CRYPTO’93, pp. 232–249. Springer, Berlin, Heidelberg (1993)

  7. Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Pironti, A., Strub, P.-Y.: Triple handshakes and cookie cutters: breaking and fixing authentication over TLS. In: IEEE Symposium on Security and Privacy (2014)

  8. Blanchet, B.: An efficient protocol verifier based on Prolog rules. In: 14th Computer Security Foundations Workshop, pp. 82–96. IEEE CS Press (June 2001)

  9. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Eurocrypt, LNCS, pp. 453–474. Springer (2001)

  10. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Eurocrypt, LNCS, pp. 337–351. Springer (2002)

  11. Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos. Inf. Comput. 206(2–4), 402–424 (2008)

  12. Cremers, C., Mauw, S.: Operational Semantics and Verification of Security Protocols. Springer, Berlin (2012)

  13. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Updated by RFCs 5746, 5878, 6176 (August 2008)

  14. Dougherty, D.J., Guttman, J.D.: Decidability for lightweight Diffie–Hellman protocols. In: IEEE Symposium on Computer Security Foundations (2014)

  15. Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004). (Initial version appeared in Workshop on Formal Methods and Security Protocols, 1999)

  16. Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. Found. Secur. Anal. Des. V, 1–50 (2009)

  17. Guttman, J.D.: Shapes: surveying crypto protocol runs. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols, Cryptology and Information Security Series. IOS Press, Amsterdam (2011)

  18. Guttman, J.D.: State and progress in strand spaces: proving fair exchange. J. Autom. Reason. 48(2), 159–195 (2012)

  19. Guttman, J.D.: Establishing and preserving protocol security goals. J. Comput. Secur. 22(2), 201–267 (2014)

  20. Guttman, J.D., Liskov, M.D., Rowe, P.D.: Security goals and evolving standards. In: Security Standardisation Research, pp. 93–110. Springer (2014)

  21. ISO/IEC IS 9798-2: Entity authentication mechanisms—part 2: entity authentication using symmetric encipherment algorithms (1993)

  22. International Organization for Standardization: ISO/IEC 29128: Information technology—security techniques—verification of cryptographic protocols (2011)

  23. Liu, C., Singhal, A., Wijesekera, D.: A model towards using evidence from security events for network attack analysis. In: WOSIS 2014—Proceedings of the 11th International Workshop on Security in Information Systems, Lisbon, Portugal, 27 April, 2014 pp. 83–95 (2014)

  24. Lowe, G.: A hierarchy of authentication specification. In: 10th Computer Security Foundations Workshop Proceedings, pp. 31–43. IEEE CS Press (1997)

  25. Luce, R.D., Suppes, P.: Measurement, theory of. In: Encyclopedia Britannica, 15th edn, vol. 11, pp. 739–745 (1974)

  26. Martin, R.A.: Making security measurable and manageable. In: MILCOM 2008 (November 2008)

  27. Meadows, C.: The NRL protocol analyzer: an overview. J. Log. Program. 26(2), 113–131 (1996)

  28. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5). RFC 4120 (Proposed Standard) (July 2005). Updated by RFCs 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806

  29. Ramsdell, J.D., Dougherty, D.J., Guttman, J.D., Rowe, P.D.: A hybrid analysis for security protocols with state. In: Integrated Formal Methods, pp. 272–287. Springer International Publishing (2014). http://dx.doi.org/10.1007/978-3-319-10181-1_17

  30. Ramsdell, J.D., Guttman, J.D.: CPSA: a cryptographic protocol shapes analyzer (2009). http://hackage.haskell.org/package/cpsa

  31. Rescorla, E., Ray, M., Dispensa, S., Oskov, N.: Transport Layer Security (TLS) Renegotiation Indication Extension. RFC 5746 (Proposed Standard) (February 2010)

  32. Roscoe, A.W.: Intensional specifications of security protocols. In: IEEE Computer Security Foundations Workshop, pp. 28–38 (1996)

  33. Song, D.X.: Athena: a new efficient automated checker for security protocol analysis. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop. IEEE CS Press (June 1999)

  34. Sun, K., Jajodia, S., Li, J., Cheng, Y., Tang, W., Singhal, A.: Automatic security analysis using security metrics. In: MILCOM (November 2011)

  35. Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7(2/3), 191–230 (1999)

  36. The MITRE Corporation: The Common Vulnerabilities and Exposures (CVE) initiative. http://cve.mitre.org

  37. The MITRE Corporation: The Common Weakness Enumeration (CWE). http://cwe.mitre.org

  38. Woo, T.Y.C., Lam, S.S.: Verifying authentication protocols: Methodology and example. In: Proceedings of International Conference on Network Protocols (October 1993)

  39. Zhu, L., Tung, B.: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT). RFC 4556 (Proposed Standard) (June 2006). Updated by RFC 6112

Corresponding author: Joshua D. Guttman.


Cite this article

Rowe, P.D., Guttman, J.D. & Liskov, M.D. Measuring protocol strength with security goals. Int. J. Inf. Secur. 15, 575–596 (2016). https://doi.org/10.1007/s10207-016-0319-z
