Design guidelines for security protocols to prevent replay & parallel session attacks

摘要

This work is concerned with the design of security protocols. These protocols are susceptible to intruder attacks and their security compromised if weaknesses in the protocols' design are evident. In this paper a new analysis is presented on the reasons why security protocols are vulnerable to replay and parallel session attack and based on this analysis a new set of design guidelines to ensure resistance to these attacks is proposed. The guidelines are general purpose so as to encompass a wide spectrum of security protocols. Further, an empirical study on the effectiveness of the proposed guidelines is carried out on a set of protocols, incorporating those that are known to be vulnerable to replay or parallel session attacks as well as some amended versions that are known to be free of these weaknesses. The goal of this study is to establish conformance of the set of protocols with the proposed design guidelines. The results of the study show that any protocol following the design guidelines can be considered free of weaknesses exploitable by replay or parallel session attacks. On the other hand, if non-conformance of a protocol with the design guidelines is determined, then the protocol is vulnerable to replay or parallel session attacks.