Formal Verification of Protocols Based on Short Authenticated Strings

Submitted by grigby1 on Thu, 02/15/2018 - 10:49am

Title	Formal Verification of Protocols Based on Short Authenticated Strings
Publication Type	Conference Paper
Year of Publication	2017
Authors	Delaune, S., Kremer, S., Robin, L.
Conference Name	2017 IEEE 30th Computer Security Foundations Symposium (CSF)
Publisher	IEEE
ISBN Number	978-1-5386-3217-8
Keywords	AKISS tool, brute force attacks, Calculus, cryptographic protocols, data privacy, decision procedure, Force, formal verification, Human Behavior, human factor, human factors, IEC standards, ISO standards, ISO-IEC 9798-6:2010 standard, Mathematical model, Metrics, multifactor authentication, multifactor authentication protocol, Protocols, pubcrawl, resilience, Resiliency, security, security protocols, short authenticated strings, Standards, Tools
Abstract	Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.
URL	https://ieeexplore.ieee.org/document/8049716
DOI	10.1109/CSF.2017.26
Citation Key	delaune_formal_2017

Groups:

Science of Security VO