Abstract
We explore the applicability of the programming method of Feijen and van Gasteren to the domain of security protocols. This method addresses the derivation of concurrent programs from a formal specification, and it is based on common notions like invariants and pre- and post-conditions. We show that fundamental security concepts like secrecy and authentication can be specified nicely in this way. Using some small extensions, the style of formal reasoning from this method can be applied to the security domain. To demonstrate our approach, we discuss an authentication protocol and a public-key distribution protocol, and we deal with their composition. By focussing on a general setting where agents run the protocols multiple times, the nonce concept turns out to pop up naturally. Although this work does not contain any new protocols, it does offer a new view on reasoning about security protocols.
Acknowledgements
The author thanks the anonymous reviewers for their insightful comments.
Open Access
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Additional information
E.A. Boiten, M.J. Butler, J. Derrick and G. Smith
This research has mainly been performed at the School of Computer Science, The University of Nottingham, UK.
Cite this article
Mooij, A.J. Invariant-based reasoning about parameterized security protocols. Form Asp Comp 22, 63–81 (2010). https://doi.org/10.1007/s00165-009-0104-0