DOI: 10.1145/1103022.1103035

Tailoring the Dolev-Yao abstraction to web services realities

Published: 11 November 2005

Abstract

Web Services are an important series of standards for adding semantics to web-based and XML-based communication. For analyzing the security of Web Services protocols composed of these standards, it is tempting to exploit their similarity to traditional security protocols by first transforming them into the Dolev-Yao abstraction, where cryptographic operators are treated symbolically as constructors of a free algebra, and as a second step by applying existing symbolic techniques for machine-assisted or even fully automated protocol verification within this abstraction.

We show in this paper that this approach tends to ignore intrinsic aspects of Web Services standards and protocols and to hence be too coarse-grained for capturing Web Services security in all its facets. We identify a series of such aspects both on the conceptual level and on the level of concrete Web Services protocols: service requestors and providers have additional properties independent of the protocol under consideration and hence offer additional attack possibilities, protocol behaviors can be defined by explicit Web Services policies and complex message parsings which do not necessarily follow the common Dolev-Yao-style parsing conventions, etc. We sketch in a series of examples how to exploit these aspects for mounting successful attacks against Web Services protocols, and we discuss possibilities to circumvent these attacks. In particular, this exemplifies the need for tailoring Dolev-Yao abstractions specifically to Web Services idiosyncrasies, which go beyond the standard Dolev-Yao assumptions.

Cited By

  • (2011) Security Vulnerabilities Detection Using Model Inference for Applications and Security Protocols. Proceedings of the 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation Workshops, pp. 534-536. DOI: 10.1109/ICSTW.2011.83. Online publication date: 21-Mar-2011
  • (2010) Model-Checking Driven Security Testing of Web-Based Applications. Proceedings of the 2010 Third International Conference on Software Testing, Verification, and Validation Workshops, pp. 361-370. DOI: 10.1109/ICSTW.2010.54. Online publication date: 6-Apr-2010

Published In

SWS '05: Proceedings of the 2005 workshop on Secure web services
November 2005
98 pages
ISBN: 1595932348
DOI: 10.1145/1103022
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Dolev Yao
2. federated identity management
3. formal method
4. protocol model
5. security analysis
6. security proof of protocols
7. tool support
8. web services security

Conference

CCS05
