Abstract
In this paper, we develop an inductive approach to strand spaces, by introducing an inductive definition for bundles. This definition provides us not only a constructive illustration for bundles, but also an effective and rigorous technique of rule induction to reason about properties of bundles. With this induction principle, we can prove that our bundle model is sound in the sense that a bundle is a causally well-founded graph. This approach also gives an alternative to rigorously prove a generalized version of authentication tests. To illustrate the applicability of our approach, we have performed case studies on verification of secrecy and authentication properties of the Needham–Schroeder–Lowe and Otway–Rees protocols. Our approach has been mechanized using Isabelle/HOL.
Similar content being viewed by others
References
Burrows M, Abadi M, Needham RM (1990) A logic of authentication. ACM Trans Comput Syst 8(1): 18–36
Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(12): 198–208
Furqan Z, Muhammad S, Guha RK (2006) Formal verification of 802.11i using strand space formalism. In: Proceedings conference on networking and conference on mobile communications and learning technologies. IEEE Computer Society, p 140
Guttman JD, Javier Thayer F (2001) Authentication tests. In: Proceedings of 12th IEEE symposium on security and privacy. IEEE Computer Society, pp 96–109
Guttman JD, Javier Thayer F (2002) Authentication tests and the structure of bundles. Theor Comput Sci 283(2): 333–380
Guttman JD (2002) Security protocol design via authentication tests. In: Proceedings of 15th IEEE computer security foundations workshop. IEEE Computer Society, pp 92–103
Jacobs B, Hasuo I (2009) Semantics and logic for security protocols. J Comput Secur 17(6): 909–940
Javier Thayer F, Herzog F, Guttman JD (1998) Strand spaces: why is a security protocol correct? In: Proceedings of 19th IEEE symposium on security and privacy. IEEE Computer Society, pp 96–109
Javier Thayer F, Herzog JC, Guttman JD (1999) Strand spaces: proving security protocols correct. J Comput Secur 7(1): 191–230
Kamil A, Lowe G (2010) Specifying and modelling secure channels in strand spaces. In: Proceedings of 6th workshop on formal aspects in security and trust. Lecture notes in computer science, vol 5983. Springer, Berlin, pp 233–247
Li Y (2005) The inductive approach to strand space. In: Proceedings of 25th IFIP conference on formal techniques for networked and distributed systems. Lecture notes in computer science, vol 3731. Springer, Berlin, pp 547–552
Li Y (2008) Strand spaces and security protocols. http://lcs.ios.ac.cn/~lyj238/strand.html.
Lowe G (1996) Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Proceedings of 2nd conference on tools and algorithms for the construction and analysis of systems. Lecture notes in computer science, vol 1055. Springer, Berlin, pp 147–166
Lowe G (1996) Some new attacks upon security protocols. In: Proceedings of 9th IEEE computer security foundations workshop. IEEE Computer Society, pp 162–169
Li Y, Pang J (2006) Generalized unsolicited tests for authentication protocol analysis. In: Proceedings of 7th conference on parallel and distributed computing, applications and technologies. IEEE Computer Society, pp 509–514
Li Y, Pang J (2007) Extending the strand space method to verify Kerberos v. In: Proceedings of 8th conference on parallel and distributed computing, applications and technologies. IEEE Computer Society, pp 437–444
Meadows C (1999) Analysis of the internet key exchange protocol using the NRL protocol analyzer. In: Proceedings of 12th IEEE computer security foundations workshop. IEEE Computer Society, pp 216–231
Millen JK (1995) The interrogator model. In: Proceedings of 16th IEEE symposium on security and privacy. IEEE Computer Society, pp 251–260
Mitchell JC, Mitchell JC, Stern U (1997) Automated analysis of cryptographic protocols using Murphi. In: Proceedings of 18th symposium on security and privacy. IEEE Computer Society, pp 141–153
Nipkow T, Paulson LC, Wenzel M (2002) Isabelle/HOL—a proof assistant for higher-order logic. LNCS, vol 2283. Springer, Berlin
Otway D, Rees O (1987) Efficient and timely mutual authentication. Oper Syst Rev 27(2): 10–14
Owre S, Rushby JM, Shankar N (1992) PVS: a prototype verification system. In: Proceedings of 11th conference on automated deduction. Lecture notes in artificial intelligence, vol 607. Springer, Berlin, pp 748–752
Paulson LC (1996) ML for the working programmer. University of Cambridge Press
Paulson LC (1997) Proving properties of security protocols by induction. In: Proceedings of 10th IEEE computer security foundations workshop. IEEE Computer Society, pp 70–83
Paulson LC (1998) The inductive approach to verifying cryptographic protocols. J Comput Secur 6(1–2): 85–128
Perrig A, Song DX (2000) Looking for diamonds in the desert: extending automatic protocol generation to three-party authentication and key agreement protocols. In: Proceedings of 13th IEEE computer security foundations workshop. IEEE Computer Society, pp 64–76
Schneider S (1997) Verifying authentication protocols with CSP. In: Proceedings of 10th IEEE computer security foundations workshop. IEEE Computer Society, pp 3–17
Sharp R, Hansen MR (2007) Timed traces and strand spaces. In: Proceedings of 2nd symposium on computer science in Russia. Lecture notes in computer science, vol 4649. Springer, Berlin, pp 373–386
Song DX (1999) Athena: a new efficient automated checker for security protocol analysis. In: Proceedings of 12th IEEE computer security foundations workshop. IEEE Computer Society, pp 192–202
Wenzel M (1999) Isar—a generic interpretative approach to readable formal proof documents. In: Proceedings of 12th conference on theorem proving in higher order logics. Lecture notes in computer science, vol 1690. Springer, Berlin, pp 167–184
Wang H, Zhang Y, Li Y (2005) Modeling for security verification of a cryptographic protocol with MAC payload. In: Proceedings of international conference on intelligent computing. Lecture notes in computer science, vol 3645. Springer, Berlin, pp 538–547
Author information
Authors and Affiliations
Corresponding author
Additional information
Dong Jin Song and Jim Woodcock
Rights and permissions
About this article
Cite this article
Li, Y., Pang, J. An inductive approach to strand spaces. Form Asp Comp 25, 465–501 (2013). https://doi.org/10.1007/s00165-011-0187-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00165-011-0187-2