Università di Pisa
Sistema bibliotecario di ateneo

A Formal Analysis of Complex Type Flaw Attacks on Security Protocols.

Bodei, Chiara and Gao, Han and Degano, Pierpaolo (2008) A Formal Analysis of Complex Type Flaw Attacks on Security Protocols. Technical Report del Dipartimento di Informatica . Università di Pisa, Pisa, IT.

[img] Other (GZip)
Available under License Creative Commons Attribution No Derivatives.

Download (285Kb)


    A simple type confusion attack occurs in a security protocol, when a principal interprets data of one type as data of another. These attacks can be successfully prevented by tagging types of each field of a message. Complex type confusions occur instead when tags can be confused with data and when fields or sub-segments of fields may be confused with concatenations of fields of other types. Capturing these kinds of confusions is not easy in a process calculus setting, where it is generally assumed that messages are correctly interpreted. In this paper, we model in the process calculus LySa only the misinterpretation due to the confusion of a concatenation of fields with a single field, by extending the notation of one-to-one variable binding to multi-to-one binding. We further present a formal way of detecting these possible misinterpretations, based on a Control Flow Analysis for this version of the calculus. The analysis over-approximates all the possible behaviour of a protocol, including those effected by these type confusions. As an example, we considered the amended Needham-Schroeder symmetric protocol, where we succeed in detecting the type confusion that lead to a complex type flaw attacks it is subject to. Therefore, the analysis can capture potential type confusions of this kind on security protocols, besides other security properties such as confidentiality, freshness and message authentication.

    Item Type: Book
    Uncontrolled Keywords: Security Protocols, Type Flaw Attacks, Control Flow Analsyis
    Subjects: Area01 - Scienze matematiche e informatiche > INF/01 - Informatica
    Divisions: Dipartimenti (until 2012) > DIPARTIMENTO DI INFORMATICA
    Depositing User: dott.ssa Sandra Faita
    Date Deposited: 04 Dec 2014 14:08
    Last Modified: 04 Dec 2014 14:08
    URI: http://eprints.adm.unipi.it/id/eprint/2196

    Repository staff only actions

    View Item