Analysis of a Forced-Latency Defense Against Man-in-the-Middle Attacks
Abstract:
Several cryptographic protocols have been proposed to address the Man-in-the-Middle (MitM) attack without the prior exchange of keys. In this paper, one such protocol proposed by Zooko Wilcox-O’Hearn, the forced-latency defense against the chess grandmaster attack, is analyzed. Using the Cryptographic Protocol Shapes Analyzer (CPSA), the security properties of the protocol are validated through a novel use of CPSA’s state features to represent time. A small message-space attack is also uncovered that highlights an assumption that many protocols make, and a solution is proposed that would prevent such an attack against Wilcox-O’Hearn’s protocol.
AUTHORS
School of Computing, Informatics, Decision Systems Engineering, Arizona State University, Tempe, AZ, U.S.A.
Erin Lanus is a doctoral student in Computer Science at Arizona State University, where she also completed her undergraduate degree in Psychology. She was selected for the National Physical Science Consortium Graduate Fellowship program in 2014.
Research Directorate, National Security Agency, Fort George G. Meade, MD, U.S.A.
Dr. Edward V. Zieglar, Jr. is a Researcher in the Research Directorate of the National Security Agency where he specializes in cryptographic protocol analysis and verification and network security. He earned a bachelor’s degree in Engineering from Bucknell University and both master’s and doctoral degrees in Computer Science from the University of Maryland, Baltimore County (UMBC). He also serves as an adjunct faculty member at UMBC where he teaches courses in security and computer networking.
Published In
Journal of Information Warfare