Article

Modelling the relative strength of security protocols

Authors:

Clifford NeumanAuthors Info & Claims

QoP '06: Proceedings of the 2nd ACM workshop on Quality of protection

Pages 45 - 48

https://doi.org/10.1145/1179494.1179504

Published: 30 October 2006 Publication History

Abstract

In this paper, we present a way to think about the relative strength of security protocols using SoS, a lattice-theoretic representation of security strength. In particular, we discuss how the model can be used, present the TLS protocol as a compelling real world example, show how it is modeled, and then explain how lattice-theoretic properties can be used to evaluate security protocols.

References

[1]

G. Bella. Inductive Verification of Cryptographic Protocols. PhD thesis, Clare College University of Cambridge, 2000.]]

[2]

M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. Advances in Cryptology-CRYPTO '98, 1462:162--177, 1998.]]

Digital Library

[3]

S. Bistarelli, G. Bella, and S. Foley. Soft constraints for security. In First International Workshop on Views On Designing Complex Architectures (VODCA), September 2004.]]

[4]

M. Burrows, M. Abadi, and R. Needham. A logic of authentication. In Proceeding of the Royal Society of London, 1989.]]

Digital Library

[5]

R. Canetti, C. Meadows, and P. Syverson. Environmental requirements for authentication protocols. In Proceeding of the International Symposium on Software Security, pages 339--355. Springer-Verlag, 2002.]]

[6]

H. Chung and C. Neuman. Modelling the relative strength of security protocols. Technical Report 06-882, University of Southern California, Computer Science Department, August 2006.]]

Digital Library

[7]

T. Dierks. The TLS protocol, version 1.0. RFC 2246, January 1999.]]

Digital Library

[8]

W. Diffie, P. C. van Oorschot, and M. J. Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2(2):107--125, June 1992.]]

Digital Library

[9]

D. Dolev and A. C. Yao. On the security of public key protocols. In Proceeding of the IEEE 22nd Annual Symposium on Foundations of Computer Science, pages 350--357, 1981.]]

Digital Library

[10]

F. T. Fábrega, J. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? In Proceeding of the 16th IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1998.]]

[11]

D. Gollmann. What do we mean by entity authentication? In Proceeding of the 1995 IEEE Symposium on Security and Privacy, page p46, 1996.]]

Digital Library

[12]

C. He and J. Mitchell. Security analysis and improvements for IEEE 802.11i. In Proceeding of the 12th Annual Network and Distributed System Security Symposium (NDSS'05), 2005.]]

[13]

K. E. Hickman. The SSL 2.0 protocol. http://wp.netscape.com/eng/security/SSL2.html, January 1995.]]

[14]

C. Kaufman, R. Perlman, and M. Speciner. Network security: Private communication in a public world. In Prentice Hall PTR, 2nd Edition, pages 257--264, 2002.]]

Digital Library

[15]

G. Lowe. Breaking and fixing the needham-schroeder public-key protocol using FDR. In Proceeding of the 2nd International Workshop on Tools and Algorithms for Construction and Analysis of Systems, volume 1055, pages 147--166. Lecture Notes in Computer Science, 1996.]]

Digital Library

[16]

G. Lowe. A hierarchy of authentication specifications. In Proceeding of The 10th Computer Security Foundations Workshop, 1996.]]

Digital Library

[17]

C. Meadows. Formal methods for cryptographic protocol analysis: Emerging issues and trends. IEEE Journal on Selected Areas in Communication, 21(1):44--54, January 2003.]]

Digital Library

[18]

A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.]]

Digital Library

[19]

J. Mitchell, V. Shmatikov, and U. Stern. Finite-state analysis of SSL 3.0. In 7th USENIX Security Symposium, 1998.]]

Digital Library

[20]

S. Schneider. Verifying authentication protocols with CSP. In Proceeding of the 10th IEEE Computer Security Foundations Workshop, pages 3--17. IEEE Computer Society Press, 1997.]]

Digital Library

[21]

D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In The 2nd USENIX workshop on Electronic Commerce, pages 29--40. USENIX Press, 1996.]]

Digital Library

Cited By

Noor AKlingenstein KSeamons K(2008)Identity protection factor (IPF)Proceedings of the 7th symposium on Identity and trust on the Internet10.1145/1373290.1373293(8-18)Online publication date: 4-Mar-2008
https://dl.acm.org/doi/10.1145/1373290.1373293

Index Terms

Modelling the relative strength of security protocols

Recommendations

Resource Fairness and Composability of Cryptographic Protocols

We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to ...
Modeling the relative strength of security protocols
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01: Proceedings of the 42nd IEEE symposium on Foundations of Computer Science

We propose a new paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

QoP '06: Proceedings of the 2nd ACM workshop on Quality of protection

October 2006

70 pages

ISBN:1595935533

DOI:10.1145/1179494

Program Chairs:
Guenter Karjoth
IBM Research, CH
,
Fabio Massacci
University di Trento, IT

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

October 30, 2006

Virginia, Alexandria, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
372
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Noor AKlingenstein KSeamons K(2008)Identity protection factor (IPF)Proceedings of the 7th symposium on Identity and trust on the Internet10.1145/1373290.1373293(8-18)Online publication date: 4-Mar-2008
https://dl.acm.org/doi/10.1145/1373290.1373293

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten