Formal Specification and Verification for S/KEY Against Dictionary Attack

Formal Specification and Verification of S/KEY to Prevent Dictionary Attacks

  • Published : 2004.09.01

Abstract

The S/KEY system was proposed to guard against an intruder's password replay attacks. However, S/KEY has a vulnerability: if an attacker derives the passphrase from a dictionary file, he can obtain the one-time password required for user authentication. In this paper, we propose a corrected S/KEY system combined with EKE to solve this problem. We also specify the new S/KEY system with Casper and CSP, and verify its secrecy and authentication requirements using the FDR model checking tool.

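The S/KEY system was proposed to prevent an attacker's password replay attacks. However, S/KEY has a vulnerability: if an attacker can guess the passphrase from a dictionary in their possession, they can ultimately learn the one-time password needed for authentication. This paper presents a new S/KEY system that applies the EKE (Encrypted Key Exchange) protocol to prevent dictionary attacks on the passphrase. To verify the security of the newly proposed S/KEY system, the protocol was specified with Casper and CSP, and its security was verified using the FDR model checker.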
