Protocol Interactions and the Chosen Protocol Attack

J. Kelsey, B. Schneier, and D. Wagner

Security Protocols, 5th International Workshop April 1997 Proceedings, Springer-Verlag, 1998, pp. 91-104.

ABSTRACT: There are many cases in the literature in which reuse of the same key material for different functions can open up security holes. In this paper, we discuss such interactions between protocols, and present a new attack, called the chosen protocol attack, in which an attacker may write a new protocol using the same key material as a target protocol, which is individually very strong, but which interacts with the target protocol in a security-relevant way. We finish with a brief discussion of design principles to resist this class of attack.

[full text - postscript] [full text - PDF (Acrobat)]

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..