Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Is Cryptyc Able to Detect Insider Attacks?

  • Conference paper
Formal Aspects of Security and Trust (FAST 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7140))

Included in the following conference series:

Abstract

The use of type checking for analyzing security protocols has been recognized for several years. A state-of-the-art type checker based on such an idea is Cryptyc. It has been proven that if an authentication protocol is well-typed in Cryptyc, it provides authenticity in any environment containing external adversaries. The type system implemented by Cryptyc, however, is such that one may hope to be able to detect insider attacks as well. The lack of any report of a well-typed protocol being vulnerable to insider attacks has strengthened such a conjecture. This has been an open question from the last version of Cryptyc. In this paper, we show that the answer to this question is “No”. More precisely, we first introduce a public-key authentication protocol which is vulnerable to a man-in-the-middle attack mounted by a legitimate principal. Then, it is shown that this protocol is typable in Cryptyc. We also make slight changes in Cryptyc so that it can trap the protocols being vulnerable to this kind of insider attacks. The new type system is sound.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M.: Secrecy by typing in security protocols. Journal of the ACM (JACM) 46(5), 749–786 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  2. Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: the spi calculus. Information and Computation 148(1), 1–70 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  3. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  4. Focardi, R., Maffei, M.: Types for security protocols. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols. Cryptology and Information Security Series, vol. 5, ch. 7, pp. 143–181. IOS Press (2011)

    Google Scholar 

  5. Gordon, A.D., Haack, C., Jeffrey, A.: Cryptyc: Cryptographic protocol type checker, http://www.cryptyc.org/

  6. Gordon, A.D., Jeffrey, A.: Authenticity by typing for security protocols. Journal of Computer Security 11(4), 451–519 (2003)

    Google Scholar 

  7. Gordon, A.D., Jeffrey, A.: Typing One-to-One and One-to-Many Correspondences in Security Protocols. In: Okada, M., Babu, C. S., Scedrov, A., Tokuda, H. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 263–282. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Gordon, A.D., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. Journal of Computer Security 12(3), 435–483 (2004)

    Google Scholar 

  9. Haack, C., Jeffrey, A.: Pattern-matching spi-calculus. Information and Computation 204(8), 1195–1263 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  10. Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. Journal of Computer Security 11(2), 217–244 (2003)

    Google Scholar 

  11. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)

    Article  MATH  Google Scholar 

  12. Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  13. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop (CSFW 1997), pp. 31–43. IEEE Computer Society (1997)

    Google Scholar 

  14. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Communications of the ACM 21(12), 993–999 (1978)

    Article  MATH  Google Scholar 

  15. Sattarzadeh, B., Fallah, M.S.: Cryptyc + , http://ceit.aut.ac.ir/formalsecurity/tasp/

  16. Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols. In: Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 178–194. IEEE Computer Society (1993)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering and Information Technology, Amirkabir University of Technology (Tehran Polytechnic), Tehran, Iran

    Behnam Sattarzadeh & Mehran S. Fallah

  2. School of Mathematics, Institute for Research in Fundamental Sciences (IPM), P.O. Box: 19395-5746, Tehran, Iran

    Mehran S. Fallah

Authors
  1. Behnam Sattarzadeh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mehran S. Fallah
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IMDEA Software Institute, Universidad Politecnica de Madrid, Campus Montegancedo, 28660, Boadilla del Monte, Madrid, Spain

    Gilles Barthe

  2. Carnegie Mellon University, NASA Research Park, Bldg. 23 (MS 23-11), P.O. Box 1, 94035-0001, Moffet Field, CA, USA

    Anupam Datta

  3. Faculty of Mathematics and Computer Science, Embedded Systems Security Group, Technical University of Eindhoven, P.O. Box 513, 5600 MB, Eindhoven, The Netherlands

    Sandro Etalle

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sattarzadeh, B., Fallah, M.S. (2012). Is Cryptyc Able to Detect Insider Attacks?. In: Barthe, G., Datta, A., Etalle, S. (eds) Formal Aspects of Security and Trust. FAST 2011. Lecture Notes in Computer Science, vol 7140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29420-4_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29420-4_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29419-8

  • Online ISBN: 978-3-642-29420-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation