Abstract
There are many cases in the literature in which reuse of the same key material for different functions can open up security holes. In this paper, we discuss such interactions between protocols, and present a new attack, called the chosen protocol attack, in which an attacker may write a new protocol using the same key material as a target protocol, which is individually very strong, but which interacts with the target protocol in a security-relevant way. We finish with a brief discussion of design principles to resist this class of attack.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kelsey, J., Schneier, B., Wagner, D. (1998). Protocol interactions and the chosen protocol attack. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds) Security Protocols. Security Protocols 1997. Lecture Notes in Computer Science, vol 1361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028162
DOI: https://doi.org/10.1007/BFb0028162
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64040-0
Online ISBN: 978-3-540-69688-9
eBook Packages: Springer Book Archive