Establishing and fixing security protocols weaknesses using a logic-based verification tool

Anca D. Jurcut, Tom Coffey, Reiner Dojen

Research output: Contribution to journalArticlepeer-review

Abstract

Formal verification aims at providing a rigid and thorough means of evaluating the correctness of security protocols and also establishing that the protocols are free of weaknesses that can be exploited by attacks. This paper discusses the process of formal verification using a logic-based verification tool. The verification tool with attack detection capabilities is introduced, and the verification process is demonstrated by way of a case study on two published security protocols that provide mutual authentication using smart cards. The performed verification reveals new weaknesses in the protocols that can be exploited by a replay attack and a parallel session attack. The impact of these attacks is that an attacker is able to masquerade as a legitimate remote user to cheat the system. The reasoning why these attacks are possible is detailed and an amended protocol, resistant to these attacks is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.

Original languageEnglish
Pages (from-to)795-805
Number of pages11
JournalJournal of Communications
Volume8
Issue number11
DOIs
Publication statusPublished - Nov 2013

Keywords

  • Attack detection
  • Formal verification
  • Freshness
  • Logic-based verification tool
  • Mutual authentication
  • Parallel session attacks
  • Replay attacks
  • Smart card
  • Weaknesses

Fingerprint

Dive into the research topics of 'Establishing and fixing security protocols weaknesses using a logic-based verification tool'. Together they form a unique fingerprint.

Cite this