A Formal Methods Analysis of the Session Binding Proxy Protocol

Thumbnail Image

Files

AbouElsaad_umbc_0434M_12540.pdf (1.05 MB)

Links to Files

Permanent Link

http://hdl.handle.net/11603/28461

Collections

UMBC Theses and Dissertations
UMBC Computer Science and Electrical Engineering Department
UMBC Graduate School
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2022-01-01

Type of Work

thesis
Text
application:pdf

Department

Computer Science and Electrical Engineering

Program

Computer Science

Citation of Original Publication

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan thorugh a local library, pending author/copyright holder's permission.

Subjects

cross site scripting
Cryptographic Protocol Shapes Analyzer (CPSA)
formal methods
protocol analysis
Session Binding Proxy (SBP)
session hijacking

Abstract

Proposed by Burgers, Verdult, and Eekelen in 2013, the Session Binding Proxy (SBP) protocol intends to prevent session hijacking by binding the application session to the underlying network session (i.e., binding the session token to the SSL/TLS shared key). We present a formal methods analysis of SBP using the Cryptographic Protocol Shapes Analyzer (CPSA). Our analysis reveals that SBP relies critically on the successful establishment of a secure SSL/TLS channel, which can be undermined using well-known attacks. Also, we find that SBP allows for the partial hijacking of a session using a tailgating attack. In this attack, the adversary uses the server to inject and execute malicious code inside the client’s browser to extract the session token and forge a valid state-changing request to the server. SBP does not neutralize this attack because the request contains a valid session token and that is sent over the client’s existing SSL/TLS channel. The informal security analysis conducted by the originator of SBP failed to consider these attacks. To our knowledge, our work is the first formal methods analysis of SBP.