An Approach for the Analysis of Security Standards for Authentication in Distributed Systems

H. A. Eneh, O. Gemikonakli

2005

Abstract

In this paper, we present our analysis of the leading standards for authentication in distributed systems and the inference rule used for our analysis. The inference rule here is similar to that used in the finite proof system of [3] and thus, is of the same family. However the rule of [3] can only reveal vulnerabilities of simpler protocols similar to Woo and Lam. Our inference rule proved that Kerberos version 5 remains vulnerable in scenarios of an attacker having reasonable communication and computational power especially in a single broadcast network. This vulnerability can aid a masquerade participating in the protocol. We also prove the possibility of a masquerade attack when an intruder participates in the SAML protocol. Though our inference rule, as part of our pre-emptive protocol tool is still in early stages of development, it has the potential to reveal subtle flaws that may not be detected by inference rules of the same family.

References

  1. Bellovin, M. and Merritt, M.: Limitations of the kerberos authentication mechanism, Winter In Proceedings USENIX Conference, Dallas, Texas, USA. (1991) Burrows, M., M. Abadi, and Needhan, R.: A Logic of Authentication, ACM Transactions on Computer Systems, 1990. 8(1), (1990), pp. 18-36.
  2. Debbabi, M. et al: From protocol specifications to flaws and attack scenarios: An automatic and formal algorithm, Proceedings of the 6th IEEE Workshop on Enabling Technologies Infrastructure for Collaborative Enterprise, 0-8186-7967-0/97, (1997)
  3. 4. Eneh, H. A., Singh, H., and Gemikonakli, O.: A three-way authentication framework for IEEE 802.11b networks, Proceedings of the 4th International Network Conference INC'04, Plymouth, UK, ISBN 1-84102-125-3, (2004), pp 345-352
  4. 5. Eneh, H. A. and Gemikonakli, O., Analysis of security protocols for authentication in distributed systems, Proceedings of IADIS International Conference on Applied Computing, IADIS'05, Volume 2, Algarve, Portugal, ISBN 972-99353-6-X, (2005), pp 301-305
  5. 6. Gligor, V. D. et al.: Logics for cryptographic protocols - Virtues and limitations, Proceedings of the 4th IEEE CSFW, (1991), pp 219-226
  6. 7. GroB, T.: Security analysis of the SAML Single Sign-on browser/artifact profile, http//www.acsac.org/, (2003)
  7. 8. Harbitter, A. and Menascé, D. A. A methodology for analysing the performance of authentication protocols, ACM Transaction on Information and System Security, Vol 5, No. 4, (2002), pp 458-491.
  8. 9. Heintze, N. and Tygar, J. D.: A model for secure protocols and their composition, IEEE Transactions on Software Engineering, 22(1), (1996), pp 16-30.
  9. 10. Hodges, J. and Wason, T.: Liberty architecture overview, http://www.projectliberty.org/specs/
  10. 11. Hughes, J and Maler, E.: Technical overview of the OASIS Security Assertion Markup Language (SAML) V1.1, Draft 03, http://www.oasis-open.org/committees, (2004)
  11. 12. Kohl, J. and Neuman, B. C.: The Kerberos network authentication service (Version 5), Internet Request for Comments RFC 1510., (1993)
  12. 13. Lampson, B. et al.: Authentication in distributed systems: Theory and Practice, ACM Transactions on Computer Systems, 10(4), (1992), 265-310.
  13. 14. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol, Information Processing Letters, 56, (1995), 131-133.
  14. 15. Lowe, G.: A hierarchy of authentication specifications, Proceedings of the 10th Computer Security Foundations Workshop, (CSFW 7897), 1063-6900/97, (1997)
  15. 16. Mao, W. and Boyd, C.: Towards formal analysis of security protocols, Proceedings of Computer Security Foundation Workshop VI, (1993), pp 147-158.
  16. 17. Meadows, C.: Extending formal cryptographic protocol analysis techniques for group protocols and low level cryptographic primitives, Proceedings of the 1st Workshop on Issues in the Theory of Security, Geneva, (2000), pp 87-92.
  17. 18. Meadows, C.: Applying formal methods to the analysis of a key management protocol, Journal of Computer Security, 1(1), (1992), pp 5-35.
  18. 19. Mishra, P.: Bindings and protocols for the OASIS security assertions markup language (SAML), http://www.oasis-open.org/committees/security/, (2002)
  19. 20. Needham, R. and Schroeder, M.: Using encryption for authentication in large network of computers. Communications of the ACM, 21(12), (1978), pp 993-999.
  20. 21. Neuman, B. and Ts'o, T.: Kerberos: An authentication service for computer networks, 32(9), (1994) pp 33-38.
  21. 22. OASIS: Authentication Context for the OASIS Security Assertion Markup Language, (2004)
  22. 23. Rubin, A. D. and Honeyman, P.: Formal methods for the analysis of authentication protocols, Technical Report, CITI TR 93 - 7, (1993)
  23. 24. Stallings, W.: Cryptography and network security: Principles and practices, Third Edition, Prentice Hall, New Jersey, (2002)
Download


Paper Citation


in Harvard Style

A. Eneh H. and Gemikonakli O. (2005). An Approach for the Analysis of Security Standards for Authentication in Distributed Systems . In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 21-30. DOI: 10.5220/0002574600210030


in Bibtex Style

@conference{wosis05,
author={H. A. Eneh and O. Gemikonakli},
title={An Approach for the Analysis of Security Standards for Authentication in Distributed Systems},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={21-30},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002574600210030},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - An Approach for the Analysis of Security Standards for Authentication in Distributed Systems
SN - 972-8865-25-2
AU - A. Eneh H.
AU - Gemikonakli O.
PY - 2005
SP - 21
EP - 30
DO - 10.5220/0002574600210030