[1] Jiang Rui, Hu Aiqun,. Formal analysis of robust email protocol based on authentication tests [J]. Journal of Southeast University (English Edition), 2009, 25 (2): 147-151. [doi:10.3969/j.issn.1003-7985.2009.02.001]
Copy
Formal analysis of robust email protocol based on authentication tests(
)
基于认证测试的鲁棒电子邮件协议形式化分析
)Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]
- Volumn:
- 25
- Issue:
- 2009 2
- Page:
- 147-151
- Research Field:
- Computer Science and Engineering
- Publishing date:
- 2009-06-30
Info
- Title:
- Formal analysis of robust email protocol based on authentication tests
- 基于认证测试的鲁棒电子邮件协议形式化分析
- Author(s):
- Jiang Rui; Hu Aiqun
- School of Information Science and Engineering, Southeast University, Nanjing 210096, China
- Keywords:
- email protocol; authentication tests; formal method; perfect forward secrecy; strand space model
- PACS:
- TP393
- DOI:
- 10.3969/j.issn.1003-7985.2009.02.001
- Abstract:
- Based on the authentication tests and the strand space model, the robust email protocol with perfect forward secrecy is formally analyzed, and the security shortcomings of the protocol is pointed out.Meanwhile, the man-in-the-middle attack to the protocol is given, where the attacker forges the messages in the receiving phase to cheat the two communication parties and makes them share the wrong session keys with him.Therefore, the protocol is not ensured to provide perfect forward secrecy.In order to overcome the above security shortcomings, an advanced email protocol is proposed, where the corresponding signatures in the receiving phase of the protocol are added to overcome the man-in-the-middle attack and ensure to provide perfect forward secrecy.Finally, the proposed advanced email protocol is formally analyzed with the authentication tests and the strand space model, and it is proved to be secure in authentication of the email sender, the recipient and the server.Therefore, the proposed advanced email protocol can really provide perfect forward secrecy.
- 基于认证测试方法及strand space模型, 形式化分析了具有完美前向机密性的鲁棒电子邮件协议, 指出该协议存在安全缺陷.同时给出了针对该协议的中间人攻击方法, 即攻击者在协议的接收阶段通过伪造消息即可欺骗通信双方, 使通信双方与其共享错误的会话密钥, 由此使得协议的完美前向机密性得不到保证.针对协议的上述缺陷, 提出一种改进方案, 即通过在协议的接收阶段加入相应的签名信息, 以保证改进协议能够克服中间人攻击并且提供完美前向机密性.最后, 基于认证测试方法及strand space模型, 形式化证明了改进协议在发起者、接收者及服务器之间的安全认证, 确保了改进协议具备真正的完美前向机密性.
References:
[1] Kim B, Koo J, Lee D.Robust e-mail protocols with perfect forward secrecy [J].IEEE Communications Letters, 2006, 10(6):510-512.
[2] Sun H, Hsieh B, Hwang H.Secure e-mail protocols providing perfect forward secrecy[J].IEEE Communications Letters, 2005, 9(1):58-60.
[3] Dent A W.Flaws in an e-mail protocol of Sun, Hsieh, and Hwang [J].IEEE Communications Letters, 2005, 9(8):718-719.
[4] Diffie W, Hellman M E.New directions in cryptography [J].IEEE Transactions on Information Theory, 1976, 22(5):644-654.
[5] Yoon E J, Yoo K Y.Cryptanalysis of robust e-mail protocols with perfect forward secrecy[J].IEEE Communications Letters, 2007, 11(5):372-374.
[6] Guttman J D, Thayer Fabrega F J.Authentication tests and the structure of bundles [J].Theoretical Computer Science, 2002, 283(2):333-380.
[7] Guttman J D.Security protocol design via authentication tests [C]//Proceedings of the 15th IEEE Workshop on Computer Security Foundations.Washington, DC, USA:IEEE Computer Society, 2002:65-80.
[8] Thayer Fabrega F J, Herzog J C, Guttman J D.Strand spaces:proving security protocols correct [J].Journal of Computer Security, 1999, 7(2/3):191-230.
[9] Zheng Y.Digital signcryption or how to achieve cost(signature and encryption)[C]//CRYPTO’ 97.Lecture Notes in Computer Science, 1997, 1294:165-179.
Memo
- Memo:
-
Biography: Jiang Rui(1968—), male, doctor, associate professor, R.Jiang@seu.edu.cn.
Foundation item: The Natural Science Foundation of Jiangsu Province(No.BK2006108).
Citation: Jiang Rui, Hu Aiqun.Formal analysis of robust email protocol based on authentication tests[J].Journal of Southeast University(English Edition), 2009, 25(2):147-151.