9,129 Hits in 2.8 sec

How to prevent type-flaw and multi-protocol attacks on cryptographic protocols under Exclusive-OR [article]

Sreekanth Malladi
2010 arXiv   pre-print
Type-flaw attacks and multi-protocol attacks on security protocols have been frequently reported in the literature.  ...  This is the problem we consider in this paper: We prove that, under certain assumptions, tagging encrypted components still prevents type-flaw and multi-protocol attacks even in the presence of the XOR  ...  Type-flaw attacks. Type-flaw attacks on password protocols were studied by Malladi et al. in [31] .  ... 
arXiv:1004.2522v3 fatcat:55m6moaycvb7fcwmtrvmrkrtha

Cryptographic Protocols over Open Distributed Systems: A Taxonomy of Flaws and related Protocol Analysis Tools [chapter]

S. Gritzalis, D. Spinellis
1997 Safe Comp 97  
When designing and implementing cryptographic protocols one must avoid a number of possible flaws.  ...  flaws, internal protocol flaws, and cryptosystem flaws.  ...  In cryptographic protocols part of at least one message is encrypted. When developing a cryptographic protocol it is desirable to uncover any flaws as soon as possible.  ... 
doi:10.1007/978-1-4471-0997-6_10 dblp:conf/safecomp/GritzalisS97 fatcat:go4hkyeygrczjg63vlgyaopnde

Dagstuhl Seminar 01391: Specification and Analysis of Secure Cryptographic Protocols Title: A flaw in a denial-of-service resistant protocol

David Basin, Grit Denker, Jon Millen, Gavin Lowe, Rafael Accorsi, Roberto Amadio, Alessandro Armando, Mike Bond, Ernie Cohen, Jorge Cuellar, Siemens -München, Nancy Durgin (+25 others)
Designing cryptographic protocols is difficult. Cryptographic protocols are vulnerable to message modification attacks and it is surprisingly difficult to get even small protocols right.  ...  Moreover, they provide a basis for using tools such as model checkers and theorem-provers to prove protocols correct or uncover security flaws.  ...  Designing cryptographic protocols is difficult. Cryptographic protocols are vulnerable to message modification attacks and it is surprisingly difficult to get even small protocols right.  ... 

Automated Proof and Flaw-Finding Tools in Cryptography

Graham Steel
2015 IEEE Security and Privacy  
Graham Steel is CEO and cofounder of Cryptosense, a spin-off of INRIA that produces software for security analysis of cryptographic systems. Contact him at graham.  ...  expert peer review, flaws are regularly found in security proofs, APIs, protocols, and protocol implementations.  ...  Comparing several implementations of the same protocol has also proved fruitful in finding flaws.  ... 
doi:10.1109/msp.2015.22 fatcat:thtaumctcjbyzjpb3kkq75y3ku

Cryptography: the importance of not being different

B. Schneier
1999 Computer  
No single company (outside the military) has the financial resources necessary to evaluate a new cryptographic algorithm or shake the design flaws out of a complex protocol.  ...  And a great algorithm, protocol, and implementation can be ruined by a flawed random-number generator. If there is a security flaw in the code, the rest of it doesn't matter.  ... 
doi:10.1109/2.751335 fatcat:bewrxmcpvbd4rdszjgpwsitsxe

miTLS: Verifying Protocol Implementations against Real-World Attacks

Karthikeyan Bhargavan, Cedric Fournet, Markulf Kohlweiss
2016 IEEE Security and Privacy  
, and protocol flaws.  ...  Besides cryptographic weaknesses, the SSL handshake protocol itself was shown to be vulnerable to logical flaws.  ... 
doi:10.1109/msp.2016.123 fatcat:fisjry37bzexpdcl26l67e67p4

From absence of certain vulnerabilities towards security proofs

Michael Backes, Matthias Schunter
2003 Proceedings of the 2003 workshop on New security paradigms - NSPW '03  
The Dolev-Yao model has been originally intended and successfully used for detecting flaws in many protocols.  ...  The application of formal methods for rigorously validating cryptographic protocols has been getting increasing attention.  ...  The wish list is mainly motivated by the cryptographic point of view. One should be able to design flawed protocols that exploit exactly one of the vulnerabilities.  ... 
doi:10.1145/986655.986666 dblp:conf/nspw/BackesS03 fatcat:mhnlvqa6ozcyfk6wnrwtj447ny

A Simple and Efficient Approach to Verifying Cryptographic Protocols [chapter]

YongXing Sun, Xinmei Wang
2000 IFIP Advances in Information and Communication Technology  
It is necessary to development the formal tools for verifying cryptographic protocols because of the subtlety of cryptographic protocols flaws; In terms of the notions of restrictive channel and equivalent  ...  message, this paper presents a approach that utilizes the substitution rules of messages and deduction rules to prove whether the insecure states of cryptographic protocols are reachable or not, and the  ...  In order to avoid cryptographic protocols flaws, it is necessary to design strong cryptographic algorithms and sound protocol structures.  ... 
doi:10.1007/978-0-387-35515-3_20 fatcat:sjj6jk43v5d2rcs64a6lxjx55e

Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification

S Gritzalis, D Spinellis, P Georgiadis
1999 Computer Communications  
Modern high-level specification languages and tools can be used for automatically analysing cryptographic protocols.  ...  Formal methods, theory, and supporting tools can aid the design, analysis, and verification of the security-related and cryptographic protocols used over open networks and distributed systems.  ...  After the discovery of flaws in a protocol, the flaws are often corrected or approaches adopted to avoid using the reasoning of the flawed protocols [4] .  ... 
doi:10.1016/s0140-3664(99)00030-4 fatcat:cv3vmaztf5drxc2edllnfgefva

Verification of Security Protocols (Invited Talk)

Véronique Cortier, Michael Wagner
2020 Annual Conference for Computer Science Logic  
Cryptographic protocols aim at securing communications over insecure networks like the Internet.  ...  The field has now reached a good level of maturity with efficient techniques for the automatic security analysis of protocols After an overview of some famous protocols and flaws, we will describe the  ...  Description of the talk Cryptographic protocols aim at securing communications over insecure networks like the Internet.  ... 
doi:10.4230/lipics.csl.2020.1 dblp:conf/csl/Cortier20 fatcat:ygkyxmpapnf45mdqpnlo2jp3x4

Cryptography Is Harder than It Looks

Bruce Schneier
2016 IEEE Security and Privacy  
He helped build various PGP products, including some cryptographic protocols and software in PGPfone.  ...  J OHN KELSEY is an experienced cryptographer, cryptanalyst, and programmer who has designed several algorithms and protocols, and has broken many more.  ... 
doi:10.1109/msp.2016.7 fatcat:quom7nxbz5dyzpt4mdhhfduxlm

Automated Analysis of Security Protocols

Michael Rusinowitch
2003 Electronical Notes in Theoretical Computer Science  
Cryptographic protocols such as IKE, SET, TLS, Kerberos have been developed to secure electronic transactions.  ...  Protocol specifications as they can be found in white papers are compiled by the CASRUL system [8,2] and then are passed on decision procedures for checking whether they are exposed to flaws 1 .  ...  Among the 51 protocols 35 are flawed, and CASRUL can find a flaw in 32 of them, including a previously unknown type flaw in Denning Sacco Protocol.  ... 
doi:10.1016/s1571-0661(04)80690-x fatcat:7ef4ilufrzbcforkbch4gfgwl4

Verifying Software Vulnerabilities in IoT Cryptographic Protocols [article]

Fatimah Aljaafari and Lucas C. Cordeiro and Mustafa A. Mustafa
2020 arXiv   pre-print
We evaluate the application of EBF verification framework on a case study, i.e., the S-MQTT protocol, to check security vulnerabilities in cryptographic protocols for IoT.  ...  However, the design and implementation of such protocols is an error-prone task; flaws in the implementation can lead to devastating security vulnerabilities.  ...  However, implementing encryption for protocols is an error-prone task [40] ; flaws in the implementation can lead to devastating security vulnerabilities [40] .  ... 
arXiv:2001.09837v1 fatcat:qjjpkp7775bivnjfgtlkc2e7z4

Cryptographic Protocol Analysis of AN.ON [chapter]

Benedikt Westermann, Rolf Wendolsky, Lexi Pimenidis, Dogan Kesdogan
2010 Lecture Notes in Computer Science  
This work presents a cryptographic analysis of AN.ON's anonymization protocols. We have discovered three flaws of differing severity.  ...  The flaws we discovered represent errors that, unfortunately, still occur quite often and show the importance of either using standardized crytpographic protocols or performing detailed security analyses  ...  Conclusion In this paper we have analysed the cryptographic protocols of AN.ON and discovered three flaws of differing severity.  ... 
doi:10.1007/978-3-642-14577-3_11 fatcat:cuprfws7ozdldjkqdcxvofkojq

Formal Methods in Information Security

Based on this, we discuss issues surrounding the industrial adoption of formal methods in security protocol engineering.  ...  railways, nuclear energy, and secure information systems.This paper describes the state of the art in the industrial use of formal methods ininformation security with a focus on verification of security protocols  ...  Attacks based on Cryptosystem-Related Flaws exploit protocol flaws that arise from the bad interaction between the protocol logic and specific properties of the chosen cryptographic algorithm.  ... 
doi:10.24297/ijct.v14i4.1963 fatcat:s7ratzapovh6jgax26zbpsct2e
« Previous Showing results 1 — 15 out of 9,129 results