We develop the first methodology to systematically discover attacks on security protocols that exploit weaknesses in widely deployed hash functions. We achieve this by revisiting the gap between theoretical properties of hash functions and the weaknesses of real-world hash functions, from which we develop a lattice of threat models. For all of these threat models, we develop fine-grained symbolic models.
Our methodology's fine-grained models cannot be directly encoded in existing state-of-the-art analysis tools by just using their equational reasoning. We therefore develop extensions for the two leading tools, Tamarin and ProVerif. In extensive case studies using our methodology, the extended tools rediscover all attacks that were previously reported for these protocols and discover several new variants.
@INPROCEEDINGS{ChevaletalUsenix23,
  ADDRESS = {Anaheim, CA, USA},
  AUTHOR = {Cheval, Vincent and Cremers, Cas and Dax, Alexander and Hirschi, Lucca and Jacomme, Charlie and Kremer, Steve},
  BOOKTITLE = {32nd USENIX Security Symposium ({USENIX} Security'23)},
  MONTH = AUG,
  PUBLISHER = {{USENIX} Association},
  TITLE = {Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses},
  YEAR = 2023,
  ACRONYM = {{USENIX} Security'23},
  NMONTH = 8
}