Symmetry in security protocol cryptographic messages - A serious weakness exploitable by parallel session attacks

Anca Jurcut, Tom Coffey, Reiner Dojen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper is concerned with detection and prevention of weaknesses in the design of security protocols. These weaknesses can be exploited by an attacker mounting attacks that compromise the security of the protocol. A novel theory defining weaknesses caused by the symmetry of cryptographic messages in protocols is introduced. This theory incorporates new rules describing the cases when the symmetry of messages has a structural weakness that is exploitable by parallel session attacks. Further, the rationale behind the Symmetry rules is presented and the structures of detected generic attacks for each rule are provided. Additionally, the Symmetry rules are applied to a protocol that is vulnerable to a parallel session attack. It is demonstrated that the proposed theory successfully detects the weaknesses caused by the symmetry of protocol messages, which lead to parallel session attacks.

Original language: English
Title of host publication: Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Pages: 410-416
Number of pages: 7
Publication status: Published - 2012
Event: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012 - Prague, Czech Republic
Duration: 20 Aug 2012 to 24 Aug 2012

Publication series

Name: Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012

Conference

Conference: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Country/Territory: Czech Republic
City: Prague
Period: 20/08/12 to 24/08/12

Keywords

  • attack detection
  • cryptographic messages
  • parallel session attacks
  • Security protocols
  • symmetry
  • Symmetry rules
  • weaknesses
