Skip to main content
SpringerLink
Log in

Protocol interactions and the chosen protocol attack

  • Conference paper
  • First Online:
Security Protocols (Security Protocols 1997)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1361))

Included in the following conference series:

Abstract

There are many cases in the literature in which reuse of the same key material for different functions can open up security holes. In this paper, we discuss such interactions between protocols, and present a new attack, called the chosen protocol attack, in which an attacker may write a new protocol using the same key material as a target protocol, which is individually very strong, but which interacts with the target protocol in a security-relevant way. We finish with a brief discussion of design principles to resist this class of attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. R. Anderson, “Robustness Principles for Public Key Protocols,” Advances in Cryptology-CRYPTO '95, Springer-Verlag, 1995, pp. 236–247.

    Google Scholar 

  2. R. Anderson personal communication, 1997.

    Google Scholar 

  3. R. Anderson, “Perfect Forward Secrecy”, presented at the rump session of Eurocrypt '97, 1997.

    Google Scholar 

  4. R. Anderson, M. Kuhn, “Low Cost Attacks on Tamper Resistant Devices,” these proceedings.

    Google Scholar 

  5. D. Balenson, “Privacy Enhancement for Internet Electronic Mail: Part III — Algorithms, Modes, and Identifiers,” RFC 1423, Feb 1993.

    Google Scholar 

  6. M. Burrows, M. Abadi, and R. Needham, “A Logic of Authentication,” ACM Transactions on Computer Systems, v. 8, n. 1, Feb 1990, pp. 18–36.

    Article  Google Scholar 

  7. I. Curry, “Entrust Overview, Version 1.0,” Entrust Technologies, Oct. 96. http://www.entrust.com/downloads/overview.pdf

    Google Scholar 

  8. S. Dusse, “S/MIME Message Specification: PKCS Security Services for MIME,” IETF Networking Group Internet Draft, Sep 1996. ftp://ietf.org/internet-drafts/draft-dusse-mime-msg-spec-OO.txt

    Google Scholar 

  9. A. Freier, P. Karlton, and P. Kocher, “The SSL Protocol Version 3.0”, ftp://ftp.netscape. com/pub/review/ssl-spec.tar. Z,March 4 1996, Internet Draft, work in progress.

    Google Scholar 

  10. L. Gong and P. Syverson, “Fail-Stop Protocols: An Approach to Designing Secure Protocols,” Fifth International Working Conference on Dependable Computing for Critical Applications, Sept. 1995.

    Google Scholar 

  11. E. Gabber and A. Silberschatz, “Agora: A Minimal Distributed Protocol for Electronic Commerce,” The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Association, 1996, pp. 223–232.

    Google Scholar 

  12. B.S. Kaliski, “Privacy Enhancement for Internet Electronic Mail: Part. IV — Key Certificates and Related Services,” RFC 1424, Feb 1993.

    Google Scholar 

  13. S.T Kent, “Privacy Enhancement for Internet Electronic Mail: Part II — Certificate Based Key Management,” RFC; 1422, Feb 1993.

    Google Scholar 

  14. J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part I — Message Encipherment and Authentication Procedures,” RFC 1421, Feb 1993.

    Google Scholar 

  15. R. Morris, invited talk at Crypto '96.

    Google Scholar 

  16. A. J. Menezes, P. C. Van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, p. 418, CRC Press, 1997.

    Google Scholar 

  17. van Ooorschot, “Standards Supported by Entrust, Version 2.0,” Entrust Technologies, Dec 1996.http://www.entrust.com/downloads/standards.pdf

    Google Scholar 

  18. RSA Data Security, Inc., “S/MIME Implementation Guide Interoperability Profiles, Version 2,” S/MIME Editor, Draft, Oct 1996. ftp://ftp.rsa.com/pub/S-MIME/IMPGV2.txt

    Google Scholar 

  19. B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, 1996.

    Google Scholar 

  20. B. Schneier, E-Mail Security, John Wiley & Sons, 1995.

    Google Scholar 

  21. B. Schneier and C. Hall, “An Improved E-Mail Security Protocol,” in preparation.

    Google Scholar 

  22. J. Tardo and K. Alagappan, “SPX: Global Authentication Using Public Key Certificates,” Proceedings of the 1991 IEEE Computer Society Symposium on Security and Privacy, 1991, pp. 232–244.

    Google Scholar 

  23. J. Tardo, K. Alagappan, and R. Pitkin, “Public Key Based Authentication Using Internet Certificates,rd USENIX Security II Workshop Proceedings, 1990, pp. 121–123.

    Google Scholar 

  24. Visa and MasterCard, “Secure Electronic Transaction (SET) Specification, Books 1–3” June 1996, http://www.visa. com.cgi-bin/vee/sf/set / /intro.html or http://www.mastercard.com/set/set.htm.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Counterpane Systems, 101 E. Minnehaha Parkway, 55419, Minneapolis, MN

    John Kelsey & Bruce Schneier

  2. U.C. Berkeley, C.S. Div., Soda Hall, 94720-1776, Berkeley, CA

    David Wagner

Authors
  1. John Kelsey
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bruce Schneier
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. David Wagner
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Bruce Christianson Bruno Crispo Mark Lomas Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kelsey, J., Schneier, B., Wagner, D. (1998). Protocol interactions and the chosen protocol attack. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds) Security Protocols. Security Protocols 1997. Lecture Notes in Computer Science, vol 1361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028162

Download citation

  • DOI: https://doi.org/10.1007/BFb0028162

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64040-0

  • Online ISBN: 978-3-540-69688-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation