Title :
Establishing and preventing a new replay attack on a non-repudiation protocol
Author :
Muntean, Carla ; Dojen, Reiner ; Coffey, Tom
Author_Institution :
Dept. of Electron. & Comput. Eng., Univ. of Limerick, Limerick, Ireland
Abstract :
Non-repudiation is a security service concerned with preventing a denial by one of the principals involved in a communication about having participated in this communication. In this paper, the Zhou Gollmann non-repudiation protocol is analyzed using an automated logic-based verification engine. As a result of this analysis a weakness in the protocol is discovered. Based on this weakness, a new replay attack on the Zhou Gollmann protocol is presented. In this attack, an intruder can incorrectly convince a principal to have successfully performed a new message exchange. As a consequence, the intruder can impersonate legitimate principals. The weakness leading to the attack is analyzed in detail and amendments to the protocol are proposed that prevent the presented attack. Further, formal verification of the amended protocol provides strong confidence in its correctness and effectiveness.
Keywords :
cryptographic protocols; formal logic; formal verification; Zhou Gollmann nonrepudiation protocol; automated logic-based verification engine; formal verification; message exchange; replay attack prevention; security service; Authentication; Communications technology; Data security; Engines; Explosions; Formal verification; Identity-based encryption; Logic design; Protocols; Public key; Non-repudiation; Zhou-Gollmann; fairness; freshness; replay attack;
Conference_Title :
Intelligent Computer Communication and Processing, 2009. ICCP 2009. IEEE 5th International Conference on
Conference_Location :
Cluj-Napoca
Print_ISBN :
978-1-4244-5007-7
DOI :
10.1109/ICCP.2009.5284749