Similar literature
20 similar documents found; search took 125 ms
1.
An Attack-Finding Algorithm for Security Protocols   Total citations: 5, self-citations: 1, citations by others: 5
This paper proposes an automatic attack construction algorithm in order to find potential attacks on security protocols. It is based on a dynamic strand space model, which enhances the original strand space model by introducing active nodes on strands so as to characterize the dynamic procedure of protocol execution. With exact causal dependency relations between messages considered in the model, this algorithm can avoid state space explosion caused by asynchronous composition. In order to get a finite state space, a new method called strand-added on demand is exploited, which extends a bundle in an incremental manner without requiring explicit configuration of protocol execution parameters. A finer granularity model of term structure is also introduced, in which subterms are divided into check subterms and data subterms. Moreover, data subterms can be further classified based on the compatible data subterm relation to obtain automatically the finite set of valid acceptable terms for an honest principal. In this algorithm, terms core is designed to represent the intruder's knowledge compactly, and forward search technology is used to simulate attack patterns easily. Using this algorithm, a new attack on the Dolev-Yao protocol can be found, which is even more harmful because the secret is revealed before the session terminates.

2.
Interoperability testing is an important technique to ensure the quality of implementations of network communication protocol. In the next generation Internet protocol, real-time applications should be supported effectively. However, time constraints were not considered in the related studies of protocol interoperability testing, so existing interoperability testing methods are difficult to be applied in real-time protocol interoperability testing. In this paper, a formal method to real-time protocol interoperability testing is proposed. Firstly, a formal model CMpTIOA (communicating multi-port timed input output automata) is defined to specify the system under test (SUT) in real-time protocol interoperability testing; based on this model, timed interoperability relation is then defined. In order to check this relation, a test generation method is presented to generate a parameterized test behavior tree from SUT model; a mechanism of executability pre-determination is also integrated in the test generation method to alleviate state space explosion problem to some extent. The proposed theory and method are then applied in interoperability testing of IPv6 neighbor discovery protocol to show the feasibility of this method.

3.
The object-oriented paradigm is widely applied in designing and implementing communication systems. Unified Modeling Language (UML) is a standard language used to model the design of object-oriented systems. A protocol state machine is a UML adopted diagram that is widely used in designing communication protocols. It has two key attractive advantages over traditional finite state machines: modeling concurrency and modeling nested hierarchical states. In a distributed communication system, each entity of the system has its own protocol that defines when and how the entity exchanges messages with other communicating entities in the system. The order of the exchanged messages must conform to the overall service specifications of the system. In object-oriented systems, both the service and the protocol specifications are modeled in UML protocol state machines. Protocol specification synthesis methods have to be applied to automatically derive the protocol specification from the service specification. Otherwise, a time-consuming process of design, analysis, and error detection and correction has to be applied iteratively until the design of the protocol becomes error-free and consistent with the service specification. Several synthesis methods are proposed in the literature for models other than UML protocol state machines, and therefore, because of the unique features of the protocol state machines, these methods are inapplicable to services modeled in UML protocol state machines. In this paper, we propose a synthesis method that automatically synthesizes the protocol specification of distributed protocol entities from the service specification, given that both types of specifications are modeled in UML protocol state machines. Our method is based on the latest UML version (UML2.3), and it is proven to synthesize protocol specifications that are syntactically and semantically correct. As an example application, the synthesis method is used to derive the protocol specification of the H.323 standard used in Internet calls.

4.
5.
This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficult-to-establish justifications. The proposed methodology is different from many previous approaches to automatic verification of security protocols in that it is justification-oriented instead of falsification-oriented, i.e., finding bugs in a protocol. The main idea is based on observations: separating a principal executing a run of protocol from the role in the protocol, and inferring a principal's knowledge from the local observations of the principal. And we show analytically and empirically that this model can be easily reduced to Satisfiability (SAT) problem and efficiently implemented by a modern SAT solver.

6.
New semantic model for authentication protocols in ASMs   Total citations: 2, self-citations: 0, citations by others: 2
A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for entity authentication. Apart from the flexible and natural features in forming and analyzing protocols inherited from ASM, the model defines both authentication and secrecy properties explicitly in first order sentences as invariants. The process of proving security properties with respect to an authentication protocol blends the correctness and secrecy properties together to avoid the potential flaws which may happen when treated separately. The security of revised Helsinki protocol is shown as a case study. The new model is different from the previous ones in ASMs.

7.
Wireless sensor networks (WSNs) are often deployed in harsh environments. Thus adversaries can capture some nodes, replicate them and deploy those replicas back into the strategic positions in the network to launch a variety of attacks. These are referred to as node replication attacks. Some methods of defending against node replication attacks have been proposed, yet they are not very suitable for the mobile wireless sensor networks. In this paper, we propose a new protocol to detect the replicas in mobile WSNs. In this protocol, polynomial-based pair-wise key pre-distribution scheme and Counting Bloom Filters are used to guarantee that the replicas can never lie about their real identifiers and collect the number of pair-wise keys established by each sensor node. Replicas are detected by looking at whether the number of pair-wise keys established by them exceeds the threshold. We also derive accurate closed form expression for the expected number of pair-wise keys established by each node, under commonly used random waypoint model. Analyses and simulations verify that the protocol accurately detects the replicas in the mobile WSNs and supports their removal.

8.
Numerous smart card based authentication protocols have been proposed to provide strong system security and robust individual privacy for communication between parties these days. Nevertheless, most of them do not provide formal analysis proof, and the security robustness is doubtful. Chang and Cheng (2011) proposed an efficient remote authentication protocol with smart cards and claimed that their proposed protocol could support secure communication in a multi-server environment. Unfortunately, there are opportunities for security enhancement in current schemes. In this paper, we identify the major weakness, i.e., session key disclosure, of a recently published protocol. We consequently propose a novel authentication scheme for a multi-server environment and give formal analysis proofs for security guarantees.

9.
This paper proposes a method to construct new kind of non-maximal imaginary quadratic order (NIQO*) by combining the technique of Diophantine equation and the characters of non-maximal imaginary quadratic order. It is proved that in the class group of this new kind of NIQO*, it is very easy to design provable secure cryptosystems based on quadratic field (QF). With the purpose to prove that this new kind of QF-based cryptosystems are easy to implement, two concrete schemes are presented, i.e., a Schnorr-like signature and an ElGamal-like encryption, by using the proposed NIQO*. In the random oracle model, it is proved that: (1) under the assumption that the discrete logarithm problem over class groups (CL-DLP) of this new kind of NIQO* is intractable, the proposed signature scheme is secure against adaptive chosen-message attacks, i.e., achieving UF-CMA security; (2) under the assumption that the decisional Diffie-Hellman problem over class groups (CL-DDH) of this new kind of NIQO* is intractable, the enhanced encryption in this paper is secure against adaptive chosen-ciphertext attacks, i.e., reaching IND-CCA2 security.

10.
With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et al. (2014) introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.

11.
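The shortcomings of the authentication test method in the strand space model are pointed out: 1. the analysis of authentication does not consider the case where the same protocol principal takes part in protocol runs under different identities at the same time; 2. the analysis of authentication does not consider the case where multiple rounds of the protocol run at the same time; 3. the authentication test method cannot analyze type-flaw attacks. Using the Needham-Schroeder protocol as an example, the causes of these shortcomings are analyzed and an improvement scheme is proposed.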

12.
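Strand Space Analysis of Electronic Commerce Protocols   Total citations: 1, self-citations: 0, citations by others: 1
Electronic commerce protocols often have complex structures, and a protocol may be composed of several sub-protocols. Security analysis of electronic commerce protocols is therefore more complex than that of authentication protocols. Traditional belief logics are not suited to analyzing electronic commerce protocols. Kailar logic is suited to analyzing the accountability of electronic commerce protocols, but not their fairness. This paper introduces and extends strand space logic, analyzes the strands of the ISI payment protocol, and proves that it does not satisfy fairness. A new strand node path method is also proposed and used to analyze the ASW protocol, a branching-structure protocol composed of several sub-protocols; strand space analysis proves the fairness of this protocol. The analysis of the two protocols provides formal analysis methods for online and offline electronic commerce transaction protocols, respectively.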

13.
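Analyzing security protocols with formal methods is an effective means of protocol analysis, and many research approaches have appeared in recent years. The strand space model is an emerging formal analysis tool for cryptographic protocols. Based on the strand space model, this paper extends the authentication test method so that it can describe and analyze electronic commerce protocols. The method is used to formally analyze a concrete protocol, and the conclusion obtained is the same as that of previous literature.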

14.
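Strand space is an emerging formal analysis model for security protocols. The theoretical proof methods of the strand space model are rigorous but very difficult. Based on the strand space model, this paper first defines the system state and uses the Needham-Schroeder-Lowe public-key authentication protocol as an example to illustrate the analysis of system state transitions. By tracing and examining the actual situation during state transitions, meaningful conclusions are obtained. Combined with the strand space model, the security of this authentication protocol is verified. This new method of analyzing authentication protocols is concise and efficient, and is easy to automate.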

15.
Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aiming at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.

16.
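To address the high analysis complexity and low degree of automation that arise in the basic theory of authentication tests, owing to insufficient formal decision rules, when analyzing the parameter consistency of protocol principal strands, the authentication test structure is formally modeled on the basis of the basic theory of authentication tests, through formalization of the message component structure and analysis of the commonalities of authentication test structures. On the authentication test structure model, the authentication test construction rules for protocol principal keys are used to analyze the conditions under which protocol principal strands satisfy consistency on different types of parameters; while clarifying the decision rules for parameter consistency, a formal method for analyzing the parameter consistency of protocol principal strands is given. Protocol analysis practice shows that, compared with traditional methods, this method is not only concise, efficient and easy to automate, but can also accurately locate protocol flaws and give corresponding corrections.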

17.
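Using the strand space model theory from formal analysis methods for security protocols, a mutual authentication protocol proposed by Natalia Miloslavskaya et al. is analyzed. The protocol is found to have a flaw in authentication; the protocol is improved, and strand space theory is used to prove the authentication correctness of the improved protocol.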

18.
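For the improved Server-specific MAKEP protocol proposed by Liu Xia (刘霞), an emerging formal analysis tool, the strand space model, is used to analyze it for the first time. The confidentiality of the protocol is analyzed first, using the two concepts of "ideal" and "honest" to simplify the steps of the analysis, and rs and rc are proved to be secret. The authentication of the protocol is then analyzed, covering both responder authentication and initiator authentication. The final result shows that the improved SSM protocol achieves the security goals of the protocol.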

19.
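To address the problems of password attacks, replay attacks, the need for key escrow and low efficiency in the Kerberos single sign-on protocol, a certificateless implicit authentication and key agreement protocol without logarithm operations is introduced to improve it. The strong security of the new protocol is proved in the random oracle model, and the advantages of the improved Kerberos single sign-on protocol are analyzed. The introduced key agreement protocol needs only 3 point multiplication operations and 2 hash operations, so its computational cost is low. Implicit authentication is adopted, which avoids the third party's eavesdropping on information without evidence in the original Kerberos, and effectively overcomes man-in-the-middle attacks.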

20.
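Liu Jiafen (刘家芬), Journal of Computer Applications (《计算机应用》), 2015, 35(7): 1870-1876
To address the problem that current strand space theory depends on the subjective judgment of the analyst and cannot be verified with automated tools, a standardized verification process for protocol authentication properties based on strand space theory is proposed. First, type labels are defined for protocol message terms, and strand space and authentication test theory are extended. Then, by determining where test elements occur, checking the parameter consistency of test elements, confirming the unique existence of the transforming edge, and checking the parameter consistency of the target strand, the protocol verification process based on strand space theory is standardized into steps that can be implemented as a program. The time complexity of the algorithm is O(n²), which avoids the state space explosion problem of model checking methods; on this basis, an automated verification tool for the authentication properties of security protocols is implemented. The BAN-Yahalom protocol and the TLS 1.0 handshake protocol are taken as examples for standardized analysis and verification, and a new form of attack on the BAN-Yahalom protocol is found. This attack does not need to restrict the server's checking of random numbers, and is more general than the attack found by Syverson.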
