Abstract
We present an algorithm for the analysis of security protocols with respect to various security properties. We discuss design choices and efficiency considerations. Finally, we address the verification of injective synchronisation and prove that under certain conditions on their structure, synchronising protocols satisfy injectivity.
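The distinction the abstract draws between synchronisation and its injective variant can be made concrete on small execution traces. The Python below is an added example, not code from the book or from the Scyther tool; the trace encoding (Event records with a global position and a run identifier), the two toy protocols and the trace contents are constructed for illustration and are not the book's formal model. For every run of the claiming role it computes which partner runs it synchronises with (each communication event before the claim matched by the dual event, same label and content, in the right order), then asks whether an injective choice of partner exists. In protocol A the claiming role only receives, so a replayed message gives two claiming runs that both synchronise with the single initiator run: synchronisation holds, injectivity fails. In protocol B the claiming role sends a message the partner must receive before the claim; the same replay then produces a run that does not synchronise at all, so every run that does synchronise has a partner of its own.

```python
# Added example (not the book's or Scyther's code): checking synchronisation
# and injective synchronisation on small constructed traces.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Event:
    pos: int      # position in the global trace (total order)
    rid: int      # run identifier (one instance of a role)
    role: str     # role name, here "I" or "R"
    kind: str     # "send", "recv" or "claim"
    label: str    # protocol step, e.g. "m1"
    content: str  # abstract message term

def ev(pos, rid, role, kind, label="", content=""):
    return Event(pos, rid, role, kind, label, content)

def runs_of(trace: List[Event]) -> Dict[int, List[Event]]:
    """Group the trace into runs, each kept in trace order."""
    runs: Dict[int, List[Event]] = {}
    for e in sorted(trace, key=lambda e: e.pos):
        runs.setdefault(e.rid, []).append(e)
    return runs

def synchronises(claim_run: List[Event], partner_run: List[Event]) -> bool:
    """Every communication event before the claim must have a dual event in
    partner_run with the same label and content and the right order: a recv
    is matched by an earlier send, a send by a later recv."""
    before_claim: List[Event] = []
    for e in claim_run:
        if e.kind == "claim":
            break
        before_claim.append(e)
    else:
        return False  # no claim event in this run: nothing to verify
    for e in before_claim:
        dual = "send" if e.kind == "recv" else "recv"
        if not any(p.kind == dual and p.label == e.label and p.content == e.content
                   and (p.pos < e.pos if dual == "send" else p.pos > e.pos)
                   for p in partner_run):
            return False
    return True

def injective_choice_exists(candidates: Dict[int, List[int]]) -> bool:
    """Can every claiming run get a distinct partner from its candidate list?
    Bipartite matching via augmenting paths (Kuhn's algorithm)."""
    owner: Dict[int, int] = {}  # partner rid -> claiming rid that uses it

    def assign(rid: int, visited: set) -> bool:
        for p in candidates[rid]:
            if p in visited:
                continue
            visited.add(p)
            if p not in owner or assign(owner[p], visited):
                owner[p] = rid
                return True
        return False

    return all(assign(rid, set()) for rid in candidates)

def analyse(trace: List[Event], claim_role="R", partner_role="I"
            ) -> Tuple[Dict[int, List[int]], bool, bool]:
    """(candidate partners per claiming run, synchronisation holds,
    injective synchronisation holds)"""
    runs = runs_of(trace)
    partners = [r for r, es in runs.items() if es[0].role == partner_role]
    candidates = {r: [p for p in partners if synchronises(es, runs[p])]
                  for r, es in runs.items()
                  if es[0].role == claim_role and any(e.kind == "claim" for e in es)}
    sync_ok = all(candidates.values())
    return candidates, sync_ok, sync_ok and injective_choice_exists(candidates)

# Protocol A (constructed): I sends one message, R receives it and claims.
# The adversary replays the message to a second R run.
TRACE_A = [
    ev(0, 1, "I", "send", "m1", "sig_I(n1)"),
    ev(1, 2, "R", "recv", "m1", "sig_I(n1)"), ev(2, 2, "R", "claim"),
    ev(3, 3, "R", "recv", "m1", "sig_I(n1)"), ev(4, 3, "R", "claim"),  # replay
]

# Protocol B (constructed): I sends m1, R answers m2, I receives m2, R claims.
# Two honest sessions, each with its own initiator run.
TRACE_B = [
    ev(0, 1, "I", "send", "m1", "n1"), ev(1, 2, "R", "recv", "m1", "n1"),
    ev(2, 2, "R", "send", "m2", "n1,n2"), ev(3, 1, "I", "recv", "m2", "n1,n2"),
    ev(4, 2, "R", "claim"),
    ev(5, 4, "I", "send", "m1", "n4"), ev(6, 3, "R", "recv", "m1", "n4"),
    ev(7, 3, "R", "send", "m2", "n4,n3"), ev(8, 4, "I", "recv", "m2", "n4,n3"),
    ev(9, 3, "R", "claim"),
]

# The same replay against protocol B: run 5's reply is never received by I.
TRACE_B_REPLAY = TRACE_B + [
    ev(10, 5, "R", "recv", "m1", "n1"), ev(11, 5, "R", "send", "m2", "n1,n5"),
    ev(12, 5, "R", "claim"),
]
```

`analyse(TRACE_A)` maps both claiming runs 2 and 3 to initiator run 1, so synchronisation holds but no injective assignment exists; `analyse(TRACE_B)` gives runs 2 and 3 distinct partners 1 and 4 and both properties hold; in `TRACE_B_REPLAY` run 5 has no candidate partner at all, so synchronisation itself fails rather than injectivity. The matching step matters when a claiming run has several candidate partners: picking the first candidate greedily can report a spurious injectivity failure, so the check asks for the existence of an injective choice instead.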
Notes
1. Note that it is possible to bind a term to an event of a run, where the run identifier already occurs in the pattern, but the event does not, because the pattern contains a partial run. We handle this case implicitly under the DeEx case by considering all possible extensions of the partial runs in the pattern.
2. This seems to suggest a correlation between the number of roles in the protocol and the runs involved in the attacks. In general, the undecidability of the problem [77] implies that there is no such bound for all protocols, but maybe it is possible to establish a tight lower bound for decidable subclasses [156].
3. Note that, because the algorithm uses an iterative depth-first search, it uses a negligible amount of RAM.
References
A. Armando, L. Compagna, SAT-based model checking for security protocols analysis. Int. J. Inf. Secur. 7(1), 3–32 (2008)
D.A. Basin, C.J.F. Cremers, Degrees of security: protocol guarantees in the face of compromising adversaries, in Computer Science Logic, 24th International Workshop (CSL’10), Brno, Czech Republic. Lecture Notes in Computer Science, vol. 6247 (Springer, Berlin, 2010), pp. 1–18
D.A. Basin, C.J.F. Cremers, Modeling and analyzing security in the presence of compromising adversaries, in 15th European Symposium on Research in Computer Security (ESORICS’10), Athens, Greece. Lecture Notes in Computer Science, vol. 6345 (Springer, Berlin, 2010), pp. 340–356
D.A. Basin, C.J.F. Cremers, S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication, in 1st International Conference on Principles of Security and Trust (POST’12), ed. by P. Degano, J.D. Guttman, Tallinn, Estonia. Lecture Notes in Computer Science, vol. 7215 (Springer, Berlin, 2012), pp. 129–148
D.A. Basin, S. Mödersheim, L. Viganò, OFMC: a symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3), 181–208 (2005)
C.J.F. Cremers, The Scyther tool: automatic verification of security protocols. http://people.inf.ethz.ch/cremersc/scyther/index.html (accessed 18 Sept 2012)
C.J.F. Cremers, The Scyther tool: verification, falsification, and analysis of security protocols, in 20th International Conference on Computer Aided Verification (CAV’08), ed. by A. Gupta, S. Malik, Princeton, USA. Lecture Notes in Computer Science, vol. 5123 (Springer, Berlin, 2008), pp. 414–418
C.J.F. Cremers, Session-state reveal is stronger than eCK’s ephemeral key reveal: using automatic analysis to attack the NAXOS protocol. Int. J. Appl. Cryptogr. 2(2), 83–99 (2010)
C.J.F. Cremers, Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2, in 16th European Symposium on Research in Computer Security (ESORICS’11), ed. by V. Atluri, C. Díaz, Leuven, Belgium. Lecture Notes in Computer Science, vol. 6879 (Springer, Berlin, 2011), pp. 315–334
S.F. Doghmi, J.D. Guttman, F.J. Thayer, Skeletons, homomorphisms, and shapes: characterizing protocol executions, in 23rd Conference on the Mathematical Foundations of Programming Semantics (MFPS XXIII), New Orleans, USA. Electronic Notes in Theoretical Computer Science, vol. 173 (Elsevier, Amsterdam, 2007), pp. 85–102
N.A. Durgin, P.D. Lincoln, J.C. Mitchell, A. Scedrov, Undecidability of bounded security protocols, in Formal Methods and Security Protocols (FMSP’99), Trento, Italy (1999)
T. Genet, F. Klay, Rewriting for cryptographic protocol verification, in 17th International Conference on Automated Deduction (CADE’00), ed. by D.A. McAllester, Pittsburgh, USA. Lecture Notes in Artificial Intelligence, vol. 1831 (Springer, Berlin, 2000), pp. 271–290
FET Open Project IST-2001-39252. AVISPA: automated validation of internet security protocols and applications. http://www.avispa-project.org/ (accessed 18 Sept 2012)
G.L. Lowe, Casper: a compiler for the analysis of security protocols, in 10th IEEE Computer Security Foundations Workshop (CSFW’97), Rockport, USA (IEEE Computer Society, Los Alamitos, 1997), pp. 18–30
G. Lowe, A hierarchy of authentication specifications, in 10th IEEE Computer Security Foundations Workshop (CSFW’97), Rockport, USA (IEEE Computer Society, Los Alamitos, 1997), pp. 31–44
J.K. Millen, A necessarily parallel attack, in FLOC Workshop on Formal Methods and Security Protocols (FMSP’99), ed. by N. Heintze, E. Clarke, Trento, Italy (1999)
L.C. Paulson, Inductive analysis of the Internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332–351 (1999)
M. Rusinowitch, M. Turuani, Protocol insecurity with a finite number of sessions and composed keys is NP-complete. Theor. Comput. Sci. 299(1–3), 451–475 (2003)
P.Y.A. Ryan, S. Schneider, Modelling and Analysis of Security Protocols: The CSP Approach (Addison-Wesley, Reading, 2001)
Security Protocols Open Repository (SPORE). http://www.lsv.ens-cachan.fr/spore (accessed 18 Sept 2012)
F.J. Thayer, J.C. Herzog, J.D. Guttman, Strand Spaces: proving security protocols correct. J. Comput. Secur. 7(2–3), 191–230 (1999)
F.L. Tiplea, C. Enea, C.V. Birjoveneanu, Decidability and complexity results for security protocols, in Verification of Infinite-State Systems with Applications to Security (VISSAS’05), ed. by E.M. Clarke, M. Minea, F.L. Tiplea, Timisoara, Romania. NATO Security Through Science Series D: Information and Communication Security, vol. 1 (IOS Press, Lansdale, 2006), pp. 185–211
M. Turuani, The CL-Atse protocol analyser, in 17th International Conference on Rewriting Techniques and Applications (RTA’06), ed. by F. Pfenning, Seattle, USA. Lecture Notes in Computer Science, vol. 4098 (Springer, Berlin, 2006), pp. 277–286
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Cremers, C., Mauw, S. (2012). Verification. In: Operational Semantics and Verification of Security Protocols. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78636-8_5
DOI: https://doi.org/10.1007/978-3-540-78636-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78635-1
Online ISBN: 978-3-540-78636-8