Enhancing the Security of Protocols against Actor Key Compromise Problems
This addresses security vulnerabilities in protocols like PKMv2RSA and Kerberos for software engineers and system designers, but it is incremental as it builds on existing AKC research.
The paper tackled the problem of actor key compromise (AKC) in security protocols by analyzing attack types, defining formal properties, and providing solutions to enhance security, with case studies on PKMv2RSA and Kerberos showing vulnerabilities and proposed fixes.
Security of complex systems is an important issue in software engineering. For complex computer systems involving many actors, security protocols are often used for the communication of sensitive data. Actor key compromise (AKC) denotes a situation where the long-term secret key of an actor may be known to an adversary for some reasons. Many protocols are not secure enough for ensuring security in such a situation. In this paper, we further study this problem by looking at potential types of attacks, defining their formal properties and providing solutions to enhance the level of security. As case studies, we analyze the vulnerabilities (with respect to potential AKC attacks) of practical protocols, including PKMv2RSA and Kerberos, and provide solutions to enhance the level of security of such protocols.