Enhancing the Security of Protocols against Actor Key Compromise Problems
Jing Ma, Wenhui Zhang
TL;DR
This paper investigates actor key compromise (AKC) in security protocols, analyzing vulnerabilities in practical systems like PKMv2RSA and Kerberos, and proposes solutions to improve security against such attacks.
Contribution
It formally characterizes AKC attacks, analyzes vulnerabilities in real-world protocols, and offers enhancements to bolster security under AKC scenarios.
Findings
Identified vulnerabilities in PKMv2RSA and Kerberos protocols.
Proposed security enhancements to mitigate AKC attacks.
Formalized properties of AKC attack types.
Abstract
Security of complex systems is an important issue in software engineering. For complex computer systems involving many actors, security protocols are often used for the communication of sensitive data. Actor key compromise (AKC) denotes a situation where the long-term secret key of an actor may be known to an adversary for some reasons. Many protocols are not secure enough for ensuring security in such a situation. In this paper, we further study this problem by looking at potential types of attacks, defining their formal properties and providing solutions to enhance the level of security. As case studies, we analyze the vulnerabilities (with respect to potential AKC attacks) of practical protocols, including PKMv2RSA and Kerberos, and provide solutions to enhance the level of security of such protocols.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Authentication Protocols Security · User Authentication and Security Systems · Physical Unclonable Functions (PUFs) and Hardware Security