Injecting heterogeneity through protocol randomization

Injecting heterogeneity through protocol randomization (2007)

Cached

Download Links

by Li Zhuang , J. Doug Tygar , Rachna Dhamija , Computer Science Division

Venue:	0. We obtain Ui = M − c . Because c− bc � � pL = bc b − pL
Citations:	2 - 0 self

BibTeX

@INPROCEEDINGS{Zhuang07injectingheterogeneity,
    author = {Li Zhuang and J. Doug Tygar and Rachna Dhamija and Computer Science Division},
    title = {Injecting heterogeneity through protocol randomization},
    booktitle = {0. We obtain Ui = M − c . Because c− bc � � pL = bc b − pL},
    year = {2007}
}

Bookmark

OpenURL

Abstract

In this paper, we argue that heterogeneity should be an important principle in design and use of cryptographic protocols. We use automated formal analysis tools to randomly generate security protocols as a method of introducing heterogeneity. We present the results of simulations for the case of two party authentication protocols and argue that choosing protocols randomly out of sets numbering in the hundreds of millions is practical and achievable with an acceptable overhead. To realize the simulation, we implemented a highly efficient protocol verifier, achieving approximately two orders of magnitude improvement in performance compared to previous work.

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
783	Using encryption for authentication in large networks of computers - Needham, Schroeder - 1978
581	Kerberos: An authentication service for open network systems - Steiner, Neuman, et al. - 1988
548	Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR - Lowe
453	Theory and applications of trapdoor functions - Yao - 1982
443	How to generate and exchange secrets - Yao - 1986
245	Automated Analysis of Cryptographic Protocols using Mur - Mitchell, Mitchell, et al. - 1997
217	C.: Protocol Verification as a Hardware Design Aid - Dill, Drexler, et al. - 1992
162	Address obfuscation: an efficient approach to combat a broad range of memory error exploits - Bhatkar, Varney, et al. - 2003
140	Building diverse computer systems - Forrest, Somayaji, et al. - 1997
129	The Murphi Verification System - Dill - 1996
114	PointGuard: protecting pointers from buffer overflow vulnerabilities - Cowan, Beattie, et al. - 2003
91	Formal verification of cryptographic protocols: A survey - Meadows - 1995
90	Transparent Runtime Randomization for Security - Xu, Kalbarczyk, et al. - 2003
88	Randomized Instruction Set Emulation to Disrupt Binary Code Inject Attacks - Barrantes, Ackley, et al. - 2003
80	spaces: Proving security protocols correct - Fábrega, Herzog, et al. - 1999
76	W.(2002) The art of deception: Controlling the human element of security - Mitnick, Simon
59	Athena: a novel approach to efficient automatic security protocol analysis - Song, Berezin, et al.
53	Mitigating buffer overflows by operating system randomization - CHEW, SONG - 2002
40	Finite-state analysis of two contract signing protocols - Shmatikov, Mitchell
31	Analysis of a fair exchange protocol - Shmatikov, Mitchell - 2000
30	Efficient finite-state analysis for large security protocols - Shmatikov, Stern - 1998
29	Looking for diamonds in the desert – extending automatic protocol generation to three-party authentication and key agreement protocols - Perrig, Song - 2000
28	Model checking electronic commerce protocols - Heintze, Tygar, et al. - 1996
20	Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters - Maurer - 1995
20	AGVI - automatic generation, verification and implementation of security protocols - Song, Perrig, et al. - 2001
17	A first step towards the automatic generation of security protocol - Perrig, Song - 2000
12	Cyberinsecurity: The cost of monopoly. How the dominance of Microsoft’s products poses a risk to society, 2003. Available from Computer & Communications Industry Association at http://www. ccianet.org/papers/cyberinsecurity.pdf - Geer, Pfleeger, et al.
11	Partial order reductions for security protocol verification - Clarke, Jha, et al. - 2000
10	Secure multi-party computation,” Final (incomplete) draft, version 1.4 - Goldreich - 2002
9	The Phoenix Recovery System: Rebuilding from the Ashes of an Internet Catastrophe - Junqueira, Bhagwan, et al.
4	Documentation for the PaX project - team - 2006
3	Attacking RSA-based sessions - Klima, Pokorny, et al. - 2003
2	What biology can (and can’t) teach us about security - Evans - 2004
2	An automatic approach for building secure systems - Song - 2003
1	GENESIS: A farmework for achieving component diversity - Knight
1	A model of computation for the NRL protocol analyzer,” CSFW - Meadows - 1994
1	Finitestate analysis of security protocols,” Computer Aided Verification - Mitchell, Shmatikov, et al. - 1998