Feasibility of multi-protocol attacks

1 January 2006

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 8 pp.-294
https://doi.org/10.1109/ares.2006.63

Abstract

Formal modeling and verification of security protocols typically assumes that a protocol is executed in isolation, without other protocols sharing the network. We investigate the existence of multi-protocol attacks on protocols described in literature. Given two or more protocols, that share key structures and are executed in the same environment, are new attacks possible? Out of 30 protocols from literature, we find that 23 are vulnerable to multi-protocol attacks. We identify two likely attack patterns and sketch a tagging scheme to prevent multi-protocol attacks.

Keywords

This publication has 12 references indexed in Scilit:

An efficient cryptographic protocol verifier based on prolog rules
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2005
Secure protocol composition
Published by Association for Computing Machinery (ACM) ,2003
Mixed strand spaces
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
How to prevent type flaw attacks on security protocols
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
Casper: a compiler for the analysis of security protocols
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
Environmental Requirements for Authentication Protocols
Published by Defense Technical Information Center (DTIC) ,2002
Athena: a novel approach to efficient automatic security protocol analysis1
Journal of Computer Security, 2001
Universally composable security: a new paradigm for cryptographic protocols
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2001
Inter-protocol interleaving attacks on some authentication and key distribution protocols
Information Processing Letters, 1999
A lesson on authentication protocol design
ACM SIGOPS Operating Systems Review, 1994