Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
TACAS
2007
Springer
2007
Springer
Automatic Analysis of the Security of XOR-Based Key Management Schemes
We describe a new algorithm for analysing security protocols that use XOR, such as key-management APIs. As a case study, we consider the IBM 4758 CCA API, which is widely used in the ATM (cash machine) network. Earlier versions of the CCA API were shown to have serious flaws, and the fixes introduced by IBM in version 2.41 had not previously been formally analysed. We first investigate IBM’s proposals using a model checker for security protocol analysis, uncovering some important issues about their implementation. Having identified configurations we believed to be safe, we describe the formal verification of their security. We first define a new class of protocols, containing in particular all the versions of the CCA API. We then show that secrecy after an unbounded number of sessions is decidable for this class. Implementing the decision procedure requires some improvements, since the procedure is exponential. We describe a change of representation that leads to an implement...
Real-time TrafficAlgorithms | CCA API | Ibm 4758 Cca | Security Protocol | TACAS 2007 |
| Added | 09 Jun 2010 |
| Updated | 09 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | TACAS |
| Authors | Véronique Cortier, Gavin Keighren, Graham Steel |
Comments (0)
Researcher Info
|
