Formal Verification of Protocols Based on Short Authenticated Strings

Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In...

Full description

Saved in:
Bibliographic Details
Published inProceedings (IEEE Computer Security Foundations Symposium) pp. 130 - 143
Main Authors Delaune, Stephanie, Kremer, Steve, Robin, Ludovic
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.08.2017
Subjects
Calculus
Force
Mathematical model
Protocols
Security
Online AccessGet full text

Cover

More Information
Summary:Modern security protocols may involve humans in order to compare or copy short strings between different devices. Multi-factor authentication protocols, such as Google 2-factor or 3D-secure are typical examples of such protocols. However, such short strings may be subject to brute force attacks. In this paper we propose a symbolic model which includes attacker capabilities for both guessing short strings, and producing collisions when short strings result from an application of weak hash functions. We propose a new decision procedure for analysing (a bounded number of sessions of) protocols that rely on short strings. The procedure has been integrated in the AKISS tool and tested on protocols from the ISO/IEC 9798-6:2010 standard.
ISSN:2374-8303
DOI:10.1109/CSF.2017.26