Skip to main content
SpringerLink
Log in

An inductive approach to strand spaces

  • Original Article
  • Published:
Formal Aspects of Computing

Abstract

In this paper, we develop an inductive approach to strand spaces, by introducing an inductive definition for bundles. This definition provides us not only a constructive illustration for bundles, but also an effective and rigorous technique of rule induction to reason about properties of bundles. With this induction principle, we can prove that our bundle model is sound in the sense that a bundle is a causally well-founded graph. This approach also gives an alternative to rigorously prove a generalized version of authentication tests. To illustrate the applicability of our approach, we have performed case studies on verification of secrecy and authentication properties of the Needham–Schroeder–Lowe and Otway–Rees protocols. Our approach has been mechanized using Isabelle/HOL.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Burrows M, Abadi M, Needham RM (1990) A logic of authentication. ACM Trans Comput Syst 8(1): 18–36

    Article  Google Scholar 

  2. Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(12): 198–208

    Article  MathSciNet  MATH  Google Scholar 

  3. Furqan Z, Muhammad S, Guha RK (2006) Formal verification of 802.11i using strand space formalism. In: Proceedings conference on networking and conference on mobile communications and learning technologies. IEEE Computer Society, p 140

  4. Guttman JD, Javier Thayer F (2001) Authentication tests. In: Proceedings of 12th IEEE symposium on security and privacy. IEEE Computer Society, pp 96–109

  5. Guttman JD, Javier Thayer F (2002) Authentication tests and the structure of bundles. Theor Comput Sci 283(2): 333–380

    Article  MATH  Google Scholar 

  6. Guttman JD (2002) Security protocol design via authentication tests. In: Proceedings of 15th IEEE computer security foundations workshop. IEEE Computer Society, pp 92–103

  7. Jacobs B, Hasuo I (2009) Semantics and logic for security protocols. J Comput Secur 17(6): 909–940

    Google Scholar 

  8. Javier Thayer F, Herzog F, Guttman JD (1998) Strand spaces: why is a security protocol correct? In: Proceedings of 19th IEEE symposium on security and privacy. IEEE Computer Society, pp 96–109

  9. Javier Thayer F, Herzog JC, Guttman JD (1999) Strand spaces: proving security protocols correct. J Comput Secur 7(1): 191–230

    Google Scholar 

  10. Kamil A, Lowe G (2010) Specifying and modelling secure channels in strand spaces. In: Proceedings of 6th workshop on formal aspects in security and trust. Lecture notes in computer science, vol 5983. Springer, Berlin, pp 233–247

  11. Li Y (2005) The inductive approach to strand space. In: Proceedings of 25th IFIP conference on formal techniques for networked and distributed systems. Lecture notes in computer science, vol 3731. Springer, Berlin, pp 547–552

  12. Li Y (2008) Strand spaces and security protocols. http://lcs.ios.ac.cn/~lyj238/strand.html.

  13. Lowe G (1996) Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Proceedings of 2nd conference on tools and algorithms for the construction and analysis of systems. Lecture notes in computer science, vol 1055. Springer, Berlin, pp 147–166

  14. Lowe G (1996) Some new attacks upon security protocols. In: Proceedings of 9th IEEE computer security foundations workshop. IEEE Computer Society, pp 162–169

  15. Li Y, Pang J (2006) Generalized unsolicited tests for authentication protocol analysis. In: Proceedings of 7th conference on parallel and distributed computing, applications and technologies. IEEE Computer Society, pp 509–514

  16. Li Y, Pang J (2007) Extending the strand space method to verify Kerberos v. In: Proceedings of 8th conference on parallel and distributed computing, applications and technologies. IEEE Computer Society, pp 437–444

  17. Meadows C (1999) Analysis of the internet key exchange protocol using the NRL protocol analyzer. In: Proceedings of 12th IEEE computer security foundations workshop. IEEE Computer Society, pp 216–231

  18. Millen JK (1995) The interrogator model. In: Proceedings of 16th IEEE symposium on security and privacy. IEEE Computer Society, pp 251–260

  19. Mitchell JC, Mitchell JC, Stern U (1997) Automated analysis of cryptographic protocols using Murphi. In: Proceedings of 18th symposium on security and privacy. IEEE Computer Society, pp 141–153

  20. Nipkow T, Paulson LC, Wenzel M (2002) Isabelle/HOL—a proof assistant for higher-order logic. LNCS, vol 2283. Springer, Berlin

  21. Otway D, Rees O (1987) Efficient and timely mutual authentication. Oper Syst Rev 27(2): 10–14

    Google Scholar 

  22. Owre S, Rushby JM, Shankar N (1992) PVS: a prototype verification system. In: Proceedings of 11th conference on automated deduction. Lecture notes in artificial intelligence, vol 607. Springer, Berlin, pp 748–752

  23. Paulson LC (1996) ML for the working programmer. University of Cambridge Press

  24. Paulson LC (1997) Proving properties of security protocols by induction. In: Proceedings of 10th IEEE computer security foundations workshop. IEEE Computer Society, pp 70–83

  25. Paulson LC (1998) The inductive approach to verifying cryptographic protocols. J Comput Secur 6(1–2): 85–128

    Google Scholar 

  26. Perrig A, Song DX (2000) Looking for diamonds in the desert: extending automatic protocol generation to three-party authentication and key agreement protocols. In: Proceedings of 13th IEEE computer security foundations workshop. IEEE Computer Society, pp 64–76

  27. Schneider S (1997) Verifying authentication protocols with CSP. In: Proceedings of 10th IEEE computer security foundations workshop. IEEE Computer Society, pp 3–17

  28. Sharp R, Hansen MR (2007) Timed traces and strand spaces. In: Proceedings of 2nd symposium on computer science in Russia. Lecture notes in computer science, vol 4649. Springer, Berlin, pp 373–386

  29. Song DX (1999) Athena: a new efficient automated checker for security protocol analysis. In: Proceedings of 12th IEEE computer security foundations workshop. IEEE Computer Society, pp 192–202

  30. Wenzel M (1999) Isar—a generic interpretative approach to readable formal proof documents. In: Proceedings of 12th conference on theorem proving in higher order logics. Lecture notes in computer science, vol 1690. Springer, Berlin, pp 167–184

  31. Wang H, Zhang Y, Li Y (2005) Modeling for security verification of a cryptographic protocol with MAC payload. In: Proceedings of international conference on intelligent computing. Lecture notes in computer science, vol 3645. Springer, Berlin, pp 538–547

Download references

Author information

Authors and Affiliations

  1. The State Key Laboratory of Computer Science & The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, P.O. Box 8717, Beijing, China

    Yongjian Li

  2. Faculté des Sciences de la Technologie et de la Communication, Computer Science and Communications, Université du Luxembourg, Luxembourg, Belgium

    Jun Pang

Authors
  1. Yongjian Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jun Pang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yongjian Li.

Additional information

Dong Jin Song and Jim Woodcock

Rights and permissions

Reprints and permissions

About this article

Cite this article

Li, Y., Pang, J. An inductive approach to strand spaces. Form Asp Comp 25, 465–501 (2013). https://doi.org/10.1007/s00165-011-0187-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00165-011-0187-2

Keywords

Search

Navigation