Abstract
A formal definition of confidentiality is developed using soft (rather than crisp) constraints. The goal is no longer considered as a mere yes/no property as in the existing literature, but gains an extra parameter, the security level. The higher the security level, the stronger the goal. For example, different messages may enjoy different levels of confidentiality, and the same message may enjoy different levels of confidentiality for different principals. On this basis, the notion of indeliberate confidentiality attack can be captured, whereby a principal learns some message not meant for him because of someone else’s tampering. The analysis of Lowe’s attack on the Needham-Schroeder protocol reveals a new weakness.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bella, G., Bistarelli, S.: Protocol Analysis using Soft Constraints. Invited talk at S.R.I. Security group, Menlo Park, USA (February 2001)
Bella, G., Bistarelli, S.: Soft Constraints for Security Protocol Analysis: Confidentiality. In: Ramakrishnan, I.V. (ed.) PADL 2001. LNCS, vol. 1990, pp. 108–122. Springer, Heidelberg (2001)
Bistarelli, S., Fruewirth, T., Marte, M., Rossi, F.: Soft Constraint Propagation and Solving in CHR. In: Proc. ACM Symposium on Applied Computing (SAC), Madrid, Spain. ACM, New York (March 2002)
Bistarelli, S., Montanari, U., Rossi, F.: Semiring-based Constraint Solving and Optimization. Journal of the ACM 44(2), 201–236 (1997)
Bistarelli, S., Montanari, U., Rossi, F.: Semiring-based Constraint Logic Programming: Syntax and Semantics. ACM Transactions on Programming Languages and System (TOPLAS) 23, 1–29 (2001)
Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A Meta-Notation for Protocol Analysis. In: Proc. CSFW, pp. 55–69 (1999)
Denning, D.E.: A Lattice Model of Secure Information Flow. Comm. of ACM 19(5), 236–242 (1976)
Dubois, D., Fargier, H., Prade, H.: The Calculus of Fuzzy Restrictions as a Basis for Flexible Constraint Satisfaction. In: Proc. of IEEE International Conference on Fuzzy Systems, pp. 1131–1136. IEEE Press, Los Alamitos (1993)
Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of Bounded Security Protocols. In: Heintze, N., Clarke, E. (eds.) Proc. FMSP 1999 (1999)
Freuder, E.C., Wallace, R.J.: Partial Constraint Satisfaction. AI Journal (1992)
Gray, E.: American national standard t1.523-2001, telecom glossary 2000 (2001), published on the Web at http://www.its.bldrdoc.gov/projects/telecomglossary2000
Lowe, G.: An Attack on the Needham-Schroeder Public-Key Authentication Protocol. Information Processing Letters 56(3), 131–133 (1995)
Mackworth, A.K.: Consistency in Networks of Relations. Artificial Intelligence 8(1), 99–118 (1977)
Montanari, U.: Networks of Constraints: Fundamental Properties and Applications to Picture Processing. Information Science 7, 95–132 (1971); Also Technical Report, Carnegie Mellon University (1971)
Neuman, B.C., Ts’o, T.: Kerberos: An Authentication Service for Computer Networks, from IEEE Communications Magazine, September, 1994. In: Stallings, W. (ed.) Practical Cryptography for Data Internetworks. IEEE Press, Los Alamitos (1996)
Ruttkay, Z.: Fuzzy Constraint Satisfaction. In: Proc. of 3rd IEEE International Conference on Fuzzy Systems, pp. 1263–1268 (1994)
Schiex, T.: Possibilistic Constraint Satisfaction Problems, or How to Handle Soft Constraints? In: Proc. of 8th Conference on Uncertainty in AI, pp. 269–275 (1992)
Schiex, T., Fargier, H., Verfaille, G.: Valued Constraint Satisfaction Problems: Hard and Easy Problems. In: Proc. of the 14th International Joint Conference on Artificial Intelligence (IJCAI 1995), pp. 631–637. Morgan Kaufmann, San Francisco (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bella, G., Bistarelli, S. (2004). Confidentiality Levels and Deliberate/Indeliberate Protocol Attacks. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2002. Lecture Notes in Computer Science, vol 2845. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39871-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-39871-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20830-3
Online ISBN: 978-3-540-39871-4
eBook Packages: Springer Book Archive