Security Protocols I - Information Security

More documents

Recommendations

Info

Sebastian Mödersheim 51Example of a binding attackThe protocolM1. A → S : A, B, NAM2. S → A : S, {S, A, NA, K B } inv(pk(S))admits a binding attack:M1.1.M2.1.M2.2.M1.2.a → i(s) : a, b, nai(a) → s : a, i, nas → i(a) : s, {s, a, na, ki} inv(pk(s))i(s) → a : s, {s, a, na, ki} inv(pk(s))Fix: include the name of B in M2.FMSEC Module 2, v.2 28.09.2009
Sebastian Mödersheim 52Example of a reflection attackThis challenge-response authentication protocolM1. A → B : {|NA|} sk(A,B)M2. B → A : {|NA + 1|} sk(A,B)assuming sk(A, B) = sk(B, A), admits a reflection attack (aka parallel sessionsattack) (with ‘oracle’):M1.2.M1.1. a → i(b) : {|na|} sk(a,b)M2.1. i(b) → a : {|na|} sk(a,b)i(b) → a : {|na + 1|} sk(a,b)M2.2.a → i(b) : {|na + 1|} sk(a,b)a is forced to do work on behalf of the intruder: a acts as an ‘oracle’ againstherself, because she provides the correct answer to her own question.At very least, a believes then that b is operational, while b may no longer exist.Fix: add A’s name to message M1 or use different keys for each direction(sk(A, B) ≠ sk(B, A)).FMSEC Module 2, v.2 28.09.2009
Page 1 and 2: Security Protocols IIntroductionSeb
Page 3 and 4: Sebastian Mödersheim 2Good Crypto
Page 5 and 6: Sebastian Mödersheim 4Motivation
Page 7 and 8: Sebastian Mödersheim 6Road map•
Page 9 and 10: Sebastian Mödersheim 8Building a k
Page 11 and 12: Sebastian Mödersheim 1. A, B10Buil
Page 13 and 14: Sebastian Mödersheim 1. A, B12Buil
Page 15 and 16: Sebastian Mödersheim 14Building a
Page 19: Sebastian Mödersheim 18Building a
Page 24 and 25: iSebastian Mödersheim 23Building a
Page 32 and 33: Sebastian Mödersheim 31ExerciseCan
Page 34 and 35: Sebastian Mödersheim 33Summary: Co
Page 36 and 37: Sebastian Mödersheim 35Summary: Pr
Page 38 and 39: Sebastian Mödersheim 37An authenti
Page 40 and 41: Sebastian Mödersheim 39Informal Co
Page 42 and 43: Sebastian Mödersheim 41Man-in-the-
Page 44 and 45: Sebastian Mödersheim 43Assumptions
Page 46 and 47: Sebastian Mödersheim 45Examples of
Page 48 and 49: Sebastian Mödersheim 47Type flaw a
Page 50 and 51: Sebastian Mödersheim 49Type flaw a
Page 54 and 55: Sebastian Mödersheim 53Example of
Page 56 and 57: Sebastian Mödersheim 55. . . and s
Page 58 and 59: Sebastian Mödersheim 57Prudent eng
Page 60: Sebastian Mödersheim 59Bibliograph

Security Protocols I - Information Security

Create successful ePaper yourself

Delete template?

Save as template?