Part of the book series: Information Security and Cryptography (ISC)

Abstract

We present an algorithm for the analysis of security protocols with respect to various security properties. We address design choices and efficiency considerations. Finally, we address the verification of injective synchronisation and prove that under certain conditions on their structure, synchronising protocols satisfy injectivity.

Notes

  1. Note that it is possible to bind a term to an event of a run, where the run identifier already occurs in the pattern, but the event does not, because the pattern contains a partial run. We handle this case implicitly under the DeEx case by considering all possible extensions of the partial runs in the pattern.

  2. This seems to suggest a correlation between the number of roles in the protocol and the runs involved in the attacks. In general, the undecidability of the problem [77] implies that there is no such bound for all protocols, but maybe it is possible to establish a tight lower bound for decidable subclasses [156].

  3. Note that, because the algorithm uses an iterative depth-first search, it uses a negligible amount of RAM.

References

  1. A. Armando, L. Compagna, SAT-based model checking for security protocols analysis. Int. J. Inf. Secur. 7(1), 3–32 (2008)

  2. D.A. Basin, C.J.F. Cremers, Degrees of security: protocol guarantees in the face of compromising adversaries, in Computer Science Logic, 24th International Workshop (CSL’10), Brno, Czech Republic. Lecture Notes in Computer Science, vol. 6247 (Springer, Berlin, 2010), pp. 1–18

  3. D.A. Basin, C.J.F. Cremers, Modeling and analyzing security in the presence of compromising adversaries, in 15th European Symposium on Research in Computer Security (ESORICS’10), Athens, Greece. Lecture Notes in Computer Science, vol. 6345 (Springer, Berlin, 2010), pp. 340–356

  4. D.A. Basin, C.J.F. Cremers, S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication, in 1st International Conference on Principles of Security and Trust (POST’12), ed. by P. Degano, J.D. Guttman, Tallinn, Estonia. Lecture Notes in Computer Science, vol. 7215 (Springer, Berlin, 2012), pp. 129–148

  5. D.A. Basin, S. Mödersheim, L. Viganò, OFMC: a symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3), 181–208 (2005)

  6. C.J.F. Cremers, The Scyther tool: automatic verification of security protocols. http://people.inf.ethz.ch/cremersc/scyther/index.html (accessed 18 Sept 2012)

  7. C.J.F. Cremers, The Scyther tool: verification, falsification, and analysis of security protocols, in 20th International Conference on Computer Aided Verification (CAV’08), ed. by A. Gupta, S. Malik, Princeton, USA. Lecture Notes in Computer Science, vol. 5123 (Springer, Berlin, 2008), pp. 414–418

  8. C.J.F. Cremers, Session-state reveal is stronger than eCK’s ephemeral key reveal: using automatic analysis to attack the NAXOS protocol. Int. J. Appl. Cryptogr. 2(2), 83–99 (2010)

  9. C.J.F. Cremers, Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2, in 16th European Symposium on Research in Computer Security (ESORICS’11), ed. by V. Atluri, C. Díaz, Leuven, Belgium. Lecture Notes in Computer Science, vol. 6879 (Springer, Berlin, 2011), pp. 315–334

  10. S.F. Doghmi, J.D. Guttman, F.J. Thayer, Skeletons, homomorphisms, and shapes: characterizing protocol executions, in 23rd Conference on the Mathematical Foundations of Programming Semantics (MFPS XXIII), New Orleans, USA. Electronic Notes in Theoretical Computer Science, vol. 173 (Elsevier, Amsterdam, 2007), pp. 85–102

  11. N.A. Durgin, P.D. Lincoln, J.C. Mitchell, A. Scedrov, Undecidability of bounded security protocols, in Formal Methods and Security Protocols (FMSP’99), Trento, Italy (1999)

  12. T. Genet, F. Klay, Rewriting for cryptographic protocol verification, in 17th International Conference on Automated Deduction (CADE’00), ed. by D.A. McAllester, Pittsburgh, USA. Lecture Notes in Artificial Intelligence, vol. 1831 (Springer, Berlin, 2000), pp. 271–290

  13. FET Open Project IST-2001-39252. AVISPA: automated validation of internet security protocols and applications. http://www.avispa-project.org/ (accessed 18 Sept 2012)

  14. G.L. Lowe, Casper: a compiler for the analysis of security protocols, in 10th IEEE Computer Security Foundations Workshop (CSFW’97), Rockport, USA (IEEE Computer Society, Los Alamitos, 1997), pp. 18–30

  15. G. Lowe, A hierarchy of authentication specifications, in 10th IEEE Computer Security Foundations Workshop (CSFW’97), Rockport, USA (IEEE Computer Society, Los Alamitos, 1997), pp. 31–44

  16. J.K. Millen, A necessarily parallel attack, in FLOC Workshop on Formal Methods and Security Protocols (FMSP’99), ed. by N. Heintze, E. Clarke, Trento, Italy (1999)

  17. L.C. Paulson, Inductive analysis of the Internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332–351 (1999)

  18. M. Rusinowitch, M. Turuani, Protocol insecurity with a finite number of sessions and composed keys is NP-complete. Theor. Comput. Sci. 299(1–3), 451–475 (2003)

  19. P.Y.A. Ryan, S. Schneider, Modelling and Analysis of Security Protocols: The CSP Approach (Addison-Wesley, Reading, 2001)

  20. Security Protocols Open Repository (SPORE). http://www.lsv.ens-cachan.fr/spore (accessed 18 Sept 2012)

  21. F.J. Thayer, J.C. Herzog, J.D. Guttman, Strand Spaces: proving security protocols correct. J. Comput. Secur. 7(2–3), 191–230 (1999)

  22. F.L. Tiplea, C. Enea, C.V. Birjoveneanu, Decidability and complexity results for security protocols, in Verification of Infinite-State Systems with Applications to Security (VISSAS’05), ed. by E.M. Clarke, M. Minea, F.L. Tiplea, Timisoara, Romania. NATO Security Through Science Series D: Information and Communication Security, vol. 1 (IOS Press, Lansdale, 2006), pp. 185–211

  23. M. Turuani, The CL-Atse protocol analyser, in 17th International Conference on Rewriting Techniques and Applications (RTA’06), ed. by F. Pfenning, Seattle, USA. Lecture Notes in Computer Science, vol. 4098 (Springer, Berlin, 2006), pp. 227–286

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Cremers, C., Mauw, S. (2012). Verification. In: Operational Semantics and Verification of Security Protocols. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78636-8_5

  • DOI: https://doi.org/10.1007/978-3-540-78636-8_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78635-1

  • Online ISBN: 978-3-540-78636-8

  • eBook Packages: Computer Science, Computer Science (R0)