Methodology for assessing the security of cryptographic protocols
Prikladnaâ diskretnaâ matematika, no. 2 (2022), pp. 33-82.

See the article record at the source, Math-Net.Ru

This paper proposes a method for evaluating the security of cryptographic protocols used to protect information in telecommunication networks and in Internet of Things networks. The procedure for evaluating the security of an information system is described, including construction of the list of threats, the threat model, and a detailed model of the intruder and of the intruder's capabilities. The notion of a security property is considered; an extended list of such properties, their classification and a formal mathematical model are given. Within this model, for the given security properties, a method is proposed for obtaining numerical values of security performance indicators as functions of the success probability and the algorithmic complexity of solving a number of known mathematical problems. In conclusion, the results of applying the proposed method to the analysis of the ESP and IKEv2 protocols of the IPsec family, as standardized in the Russian Federation, are presented.
Keywords: security property, cryptographic protocol, information security performance indicator.
@article{PDM_2022_2_a3,
     author = {A. Yu. Nesterenko and A. M. Semenov},
     title = {Methodology for assessing the security of cryptographic protocols},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {33--82},
     publisher = {mathdoc},
     number = {2},
     year = {2022},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2022_2_a3/}
}
TY  - JOUR
AU  - A. Yu. Nesterenko
AU  - A. M. Semenov
TI  - Methodology for assessing the security of cryptographic protocols
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2022
SP  - 33
EP  - 82
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2022_2_a3/
LA  - ru
ID  - PDM_2022_2_a3
ER  - 
%0 Journal Article
%A A. Yu. Nesterenko
%A A. M. Semenov
%T Methodology for assessing the security of cryptographic protocols
%J Prikladnaâ diskretnaâ matematika
%D 2022
%P 33-82
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2022_2_a3/
%G ru
%F PDM_2022_2_a3
A. Yu. Nesterenko; A. M. Semenov. Methodology for assessing the security of cryptographic protocols. Prikladnaâ diskretnaâ matematika, no. 2 (2022), pp. 33-82. http://geodesic.mathdoc.fr/item/PDM_2022_2_a3/

[1] GOST R ISO/MEK 27033-1:2011. Informatsionnaya tekhnologiya. Metody i sredstva obespecheniya bezopasnosti. Bezopasnost setei. Ch. 1. Obzor i kontseptsii, Standartinform, M., 2012, 73 pp.

[2] R 1323565.1.012-2017. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Printsipy razrabotki i modernizatsii shifrovalnykh (kriptograficheskikh) sredstv zaschity informatsii, Standartinform, M., 2017, 28 pp.

[3] D. Dolev, A. Yao, "On the security of public key protocols", IEEE Trans. Inform. Theory, 29:2 (1983), 198–208

[4] D. Basin, C. Cremers, "Modeling and analyzing security in the presence of compromising adversaries", LNCS, 6345, 2010, 340–356

[5] G. Lowe, "Breaking and fixing the Needham–Schroeder Public-Key Protocol using FDR", LNCS, 1055, 1996, 147–166

[6] GOST R 50922-2006. Zaschita informatsii. Osnovnye terminy i opredeleniya, 2008 https://docs.cntd.ru/document/1200058320

[7] M. Bellare, P. Rogaway, "Entity authentication and key distribution", LNCS, 773, 1993, 232–249

[8] M. Bellare, D. Pointcheval, P. Rogaway, "Authenticated key exchange secure against dictionary attacks", LNCS, 1807, 2000, 139–155

[9] M. Bellare, P. Rogaway, "Provably secure session key distribution: the three party case", 27th ACM Symp. Theory Computing, ACM Press, 1995, 57–66

[10] S. Blake-Wilson, D. Johnson, A. Menezes, "Key agreement protocols and their security analysis", LNCS, 1355, 1997, 30–45

[11] S. Blake-Wilson, A. Menezes, "Entity authentication and authenticated key transport protocols employing asymmetric techniques", LNCS, 1361, 1998, 137–158

[12] R. Canetti, H. Krawczyk, "Analysis of key-exchange protocols and their use for building secure channels", LNCS, 2045, 2001, 453–474

[13] B. LaMacchia, K. Lauter, A. Mityagin, "Stronger security of authenticated key exchange", LNCS, 4784, 2007, 1–16

[14] H. Krawczyk, "HMQV: A high-performance secure Diffie–Hellman protocol", LNCS, 3621, 2005, 546–566

[15] A. Menezes, B. Ustaoglu, "On the importance of public-key validation in the MQV and HMQV key agreement protocols", LNCS, 4329, 2006, 133–147

[16] M. Rabin, Digitized Signatures and Public Key Functions as Intractable as Factorization, Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science, Cambridge, 1979

[17] S. Goldwasser, S. Micali, "Probabilistic encryption", J. Computer System Sci., 28 (1984), 270–299

[18] W. Mao, Modern Cryptography: Theory and Practice, Prentice Hall, New Jersey, 2003, 707 pp.

[19] C. Boyd, A. Mathuria, D. Stebila, Protocols for Authentication and Key Establishment, Second Ed., Springer Verlag, Berlin–Heidelberg, 2020, 521 pp.

[20] A. P. Alferov, A. Yu. Zubov, A. S. Kuzmin, A. V. Cheremushkin, Osnovy kriptografii, Gelios ARV, M., 2002, 480 pp.

[21] A. V. Babash, G. P. Shankin, Kriptografiya, Solon-Press, M., 2007, 512 pp.

[22] E. K. Alekseev, L. R. Akhmetzyanova, I. B. Oshkin, S. V. Smyshlyaev, "Obzor uyazvimostei nekotorykh protokolov vyrabotki obschego klyucha s autentifikatsiei na osnove parolya i printsipy postroeniya protokola SESPAKE", Matematicheskie voprosy kriptografii, 7:4 (2016), 7–28

[23] L. R. Ahmetzyanova, E. K. Alekseev, G. K. Sedov et al., "Practical significance of security bounds for standardized internally re-keyed block cipher modes", Matematicheskie voprosy kriptografii, 10:2 (2019), 31–46

[24] R 1323565.1.030-2020. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Ispolzovanie kriptograficheskikh algoritmov v protokole bezopasnosti transportnogo urovnya (TLS 1.3), Standartinform, M., 2020, 73 pp.

[25] R 1323565.1.028-2018. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Kriptograficheskie mekhanizmy zaschischennogo vzaimodeistviya kontrolnykh i izmeritelnykh ustroistv, Standartinform, M., 2019, 66 pp.

[26] A. Yu. Nesterenko, "Ob odnom podkhode k postroeniyu zaschischennykh soedinenii", Matematicheskie voprosy kriptografii, 4:2 (2013), 101–111

[27] A. Yu. Nesterenko, P. A. Lebedev, A. M. Semenov, Kratkii analiz kriptograficheskikh mekhanizmov zaschischennogo vzaimodeistviya kontrolnykh i izmeritelnykh ustroistv, Kriptograficheskie issledovaniya, Tekhnicheskii komitet po standartizatsii «Kriptograficheskaya zaschita informatsii», 2019 https://tc26.ru/standarts/kriptograficheskie-issledovaniya/

[28] A. M. Semenov, "Analysis of Russian key-agreement protocols using automated verification tools", Matematicheskie voprosy kriptografii, 8:2 (2017), 131–142

[29] R 1323565.1.035-2021. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Ispolzovanie rossiiskikh kriptograficheskikh algoritmov v protokole zaschity informatsii ESP, Standartinform, M., 2021, 52 pp.

[30] A. V. Cheremushkin, "Kriptograficheskie protokoly: osnovnye svoistva i uyazvimosti", Prikladnaya diskretnaya matematika. Prilozhenie, 2009, no. 2, 115–150

[31] IETF. RFC 3552. Guidelines for Writing RFC Text on Security Considerations, 2003 https://tools.ietf.org/html/rfc3552

[32] The AVISPA Project. Properties (Goals), 2021 http://www.avispa-project.org/delivs/6.1/d6-1/node3.html

[33] GOST R 53113.1-2008. Informatsionnaya tekhnologiya. Zaschita informatsionnykh tekhnologii i avtomatizirovannykh sistem ot ugroz informatsionnoi bezopasnosti, realizuemykh s ispolzovaniem skrytykh kanalov. Ch. 1. Obschie polozheniya, Standartinform, M., 2008, 12 pp.

[34] GOST R 53113.2-2009. Informatsionnaya tekhnologiya. Zaschita informatsionnykh tekhnologii i avtomatizirovannykh sistem ot ugroz informatsionnoi bezopasnosti, realizuemykh s ispolzovaniem skrytykh kanalov. Ch. 2. Rekomendatsii po organizatsii zaschity informatsii, informatsionnykh tekhnologii i avtomatizirovannykh sistem ot atak s ispolzovaniem skrytykh kanalov, Standartinform, M., 2009, 12 pp.

[35] V. V. Vidyakin, "O svyazi skrytykh informatsionnykh kanalov i subprotokolov", Obozrenie prikl. i promyshl. matem., 13:1 (2006), 87–88

[36] A. V. Knyazev, A. F. Ronzhin, "Instrumentalnyi analiz mutnykh protokolov", Obozrenie prikl. i promyshl. matem., 14:4 (2007), 577–646

[37] S. V. Matveev, "Nekotorye podkhody k otsenke propusknoi sposobnosti skrytykh kanalov v IP-setyakh", Sistemy vysokoi dostupnosti, 8:2 (2012), 68–71

[38] S. Blake-Wilson, A. Menezes, "Unknown key-share attacks on the Station-to-Station (STS) protocol", LNCS, 1560, 1999, 154–170

[39] W. Diffie, P. van Oorschot, M. Wiener, "Authentication and authenticated key exchanges", Des. Codes Crypt., 2 (1992), 107–125

[40] IETF. RFC 8654. Extended Message Support for BGP, 2019 https://tools.ietf.org/html/rfc8654

[41] IETF. RFC 3748. Extensible Authentication Protocol (EAP), 2004 https://tools.ietf.org/html/rfc3748

[42] IETF. RFC 7029. Extensible Authentication Protocol (EAP) Mutual Cryptographic Binding, 2013 https://tools.ietf.org/html/rfc7029

[43] C. Cremers, Scyther: Semantics and Verification of Security Protocols, Ph.D. Thesis, Eindhoven Univ. Technology, 2006, 205 pp.

[44] ProVerif: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial, 2020, 150 pp. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/manual.pdf

[45] GOST R 58833-2020. Zaschita informatsii. Identifikatsiya i autentifikatsiya. Obschie polozheniya, Standartinform, M., 2020, 28 pp.

[46] B. A. Pogorelov, V. N. Sachkov (eds.), Slovar kriptograficheskikh terminov, MTsMNO, M., 2006, 94 pp.

[47] GOST R ISO/MEK 9594-8-98. Informatsionnaya tekhnologiya. Vzaimosvyaz otkrytykh sistem. Spravochnik. Ch. 8. Osnovy autentifikatsii, Standartinform, M., 2001, 29 pp.

[48] J. G. Fletcher, "An arithmetic checksum for serial transmissions", IEEE Trans. Communications, 30:1 (1982), 247–252

[49] W. W. Peterson, D. T. Brown, "Cyclic codes for error detection", Proc. IRE, 49:1 (1961), 228–235

[50] GOST R 34.11-2012. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Funktsiya kheshirovaniya, Standartinform, M., 2012, 25 pp.

[51] E. Alashwali, K. Rasmussen, What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS, Cryptology ePrint Archive, Report 2019/1083, 2019 https://eprint.iacr.org/2019/1083

[52] I. F. Kachalin, A. S. Kuzmin, E. A. Suslov et al., "Ob osnovnykh kontseptsiyakh kriptograficheskoi stoikosti", Tezisy XII Vseros. shkoly-kollokviuma po stokhasticheskim metodam i VI Vseros. simpoziuma po prikladnoi i promyshlennoi matematike (Sochi–Dagomys, 1–7 oktyabrya 2005 g.), 982–983

[53] A. B. Los, A. Yu. Nesterenko, M. I. Rozhkov, Kriptograficheskie metody zaschity informatsii, Izd-vo Yurait, M., 2016, 473 pp.

[54] IETF. RFC 4303. IP Encapsulating Security Payload (ESP), 2005 https://datatracker.ietf.org/doc/html/rfc4303

[55] IETF. RFC 7296. Internet Key Exchange Protocol Version 2 (IKEv2), 2014 https://datatracker.ietf.org/doc/html/rfc7296

[56] H. Krawczyk, "SIGMA: The 'SIGn-and-MAc' approach to authenticated Diffie–Hellman and its use in the IKE protocols", LNCS, 2729, 2003, 400–425

[57] R 50.1.113-2016. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Kriptograficheskie algoritmy, soputstvuyuschie primeneniyu algoritmov elektronnoi tsifrovoi podpisi i funktsii kheshirovaniya, Standartinform, M., 2016, 28 pp.

[57] R 50.1.113-2016. Informatsionnaya tekhnologiya. Kriptograficheskaya zaschita informatsii. Kriptograficheskie algoritmy, soputstvuyuschie primeneniyu algoritmov elektronnoi tsifrovoi podpisi i funktsii kheshirovaniya, Standartinform, M., 2016, 28 pp.