Antonio Durante

A compiler for analyzing cryptographic protocols using noninterference

The Security Process Algebra (SPA) is a CCS-like specification languag e where actions belong to two different levels of confidentiality. It has been used to define several noninterference-like security properties whose verification has been automated by the tool CoSeC. In recent years, a method for analyzing security protocols using SPA and CoSeC has been developed. Even if it has been useful in analyzing small security protocols, this method has shown to be error-prone, as it requires the protocol description and its environment to be written by hand. This problem has been solved by defining a protocol specification language more abstract than SPA, called VSP, and a compiler CVS that automatically generates the SPA specification for a given protocol described in VSP. The VSP/CVS technology is very powerful, and its usefulness is shown with some case studies: the Woo-Lam one-way authentication protocol, for which a new attack to authentication is found, and the Wide Mouthed Frog protocol, where different kinds of attack are detected and analyzed.

CVS: a compiler for the analysis of cryptographic protocols

The Security Process Algebra (SPA) is a CCS-like specification language where actions belong to two different levels of confidentiality. It has been used to define several non-interference-like security properties whose verification has been automatized by means of the tool CoSeC. In recent years, a method for analyzing security protocols using SPA and CoSeC has been developed. Even if it has been useful in analyzing small security protocols, this method has shown to be error-prone as it requires the description by hand of the protocol and of the environment in which it will execute. This problem has been solved by defining a protocol specification language more abstract than SPA, called VSP and a compiler CVS that generates in an automatic way the SPA specification for a given protocol described in VSP. The VSP/CVS technology is very powerful and its usefulness is shown with the case-study of the Woo-Lam one-way authentication protocol, for which an attack undocumented in the literature is found.

A reliable key authentication schema for secure multicast communications

The paper analyzes the Logical Key Hierarchy (LKH) secure multicast protocol focusing on the reliability of the re-keying authentication process. We show that the key management in the LKH model is subject to some attacks. In particular, these attacks can be performed by entities external to the multicast group, as well as from internal users of the multicast group. The spectrum of these attacks is spread from the denial of service (DoS) to the session hijack that is the attacker is able to have legitimate users to commit on a session key that is provided by the attacker. The contributions of this paper are: (1) the definition of the threats the LKH key management is subject to; and (2) a reliable key authentication scheme that solves the weaknesses previously identified. This objective is achieved without resorting to public key signatures.

CVS at Work: A Report on New Failures upon Some Cryptographic Protocols

CVS is an automatic tool for the verification of cryptographic protocols, we have presented in [9], [10], that uses a noninterference based analysis technique which has been successfully applied to many case-studies, essentially most of those belonging to the Clark & Jacobs library [4]. In this paper we report some new failures we have found. More precisely, we have been able to detect attacks upon two unflawed (to the best of our knowledge) protocols: Woo & Lam public key one-way authentication protocol and ISO public key two-pass parallel mutual authentication protocol; and new failures upon two flawed protocols: Encrypted Key Exchange and Station to Station protocols.

Addressing the shortcomings of one-way chains

One-way hash chains have been the preferred choice, over the symmetric and asymmetric key cryptography, in security setups where efficiency mattered; despite the ephemeral confidentiality and authentication they assure. Known constructions of one-way chains (for example, SHA-1 based), only ensure the forward secrecy and have limitations over their length i.e., a priori knowledge of chains length is necessary before constructing it. In this paper, we will see how our approach, based on chameleon functions, leads to the generation of practically unbounded one-way chains with constant storage and computational requirements. We provide the construction and advantages of our proposal with the help of a secure group communication setup. We also provide the implementation details of our construction and argue its suitability for security setups, where one cannot a priori determine the longevity of the setup.

Formal Specification for Fast Automatic IDS Training

This paper illustrates a methodology for the synthesis of the behavior of an application program in terms of the set of system calls invoked by the program. The methodology is completely automated, with the exception of the description of the high level specification of the application program, which is demanded to the system analyst. The technology employed (VSP/CVS) for such synthesis minimizes the efforts required to code the specification of the application. The methodology is completely independent from the intrusion detection tool adopted, and appears suitable to derive the expected behavior of a secure WEB server that can effectively support the increasing request of security that affects the e-commerce. As a case study, the methodology is applied to the Post Office Protocol, the ipop3d daemon.

A Trace Logic for Local Security Properties

We propose a new simple trace logic that can be used to specify local security properties, i.e. security properties that refer to a single participant of the protocol specification. Our technique allows a protocol designer to provide a formal specification of the desired security properties, and integrate it naturally into the design process of cryptographic protocols. Furthermore, the logic can be used for formal verification. We illustrate the utility of our technique by exposing new attacks on the well studied TMN protocol.

Short Paper: Practically Unbounded One-Way Chains for Authentication with Backward Secrecy

One-way hash chains have been the preferred choice (over symmetric and asymmetric key cryptography) in security setups where efficiency mattered; despite the ephemeral confidentiality and authentication they assure. They only support forward secrecy and have limitations over the chain size (bounded). In this paper, we show how the use of chameleon functions leads to the generation of practically unbounded one-way chains with constant memory storage requirement, providing forward, and backward secrecy as well. Such a cryptographic tool appears to be a great enabler for a variety of applications that could not be efficiently realized earlier. From our experiments we observed that this new kind of one-way chain formation adds a slight computational burden, which is justifiable by the unique advantages provided under our construction. The basic unit of our construction, chameleon function, can be elegantly used to design trees or even simpler star-like constructs