Performance Evaluations of Cryptographic Protocols Verification Tools Dealing with Algebraic Properties

  • Conference paper
Foundations and Practice of Security (FPS 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9482)

Abstract

There exist several automatic verification tools for cryptographic protocols, but only a few of them are able to check protocols in the presence of algebraic properties. Most of these tools deal with either Exclusive-Or (XOR) or exponentiation properties, so-called Diffie-Hellman (DH). In the last few years, the number of these tools has increased and some existing tools have been updated. Our aim is to compare their performance by analysing a selection of cryptographic protocols using XOR and DH. We compare execution time and memory consumption for different versions of the following tools: OFMC, CL-Atse, Scyther, Tamarin, TA4SP, and extensions of ProVerif (XOR-ProVerif and DH-ProVerif). Our evaluation shows that in most cases the new versions of the tools are faster but consume more memory. We also show how the new tools, Tamarin, Scyther and TA4SP, can be compared to previous ones. We also discover and understand, for the protocol IKEv2-DS, a difference in modelling by the authors of different tools, which leads to different security results. Finally, for Exclusive-Or and Diffie-Hellman properties, we construct two families of protocols, Pxor\(_i\) and Pdh\(_i\), that allow us to clearly see for the first time the impact of the number of operators and variables on the tools' performance.

P. Lafourcade—This research was conducted with the support of the “Digital trust” Chair from the University of Auvergne Foundation.

M. Puys—This work has been partially supported by the LabEx PERSYVAL-Lab (ANR–11-LABX-0025).

Notes

  1. http://www.avispa-project.org/.

  2. http://webloria.loria.fr/equipes/cassis/softwares/AtSe/.

  3. http://www.imm.dtu.dk/~samo/.

  4. http://www.univ-orleans.fr/lifo/membres/Yohan.Boichut/ta4sp.html.

  5. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/.

  6. https://www.cs.ox.ac.uk/people/cas.cremers/scyther/.

  7. http://www.infsec.ethz.ch/research/software/tamarin.html.

  8. http://maude.cs.uiuc.edu/download/.

  9. http://linux.die.net/man/1/time.

  10. http://linux.die.net/man/1/timeout.

  11. http://www.avispa-project.org/library/IKEv2-DS.html.

  12. http://www.avispa-project.org/library/IKEv2-DSx.html.

Acknowledgments

We deeply thank all the tool authors for their helpful advice.

Corresponding author

Correspondence to Maxime Puys.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Lafourcade, P., Puys, M. (2016). Performance Evaluations of Cryptographic Protocols Verification Tools Dealing with Algebraic Properties. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds) Foundations and Practice of Security. FPS 2015. Lecture Notes in Computer Science, vol 9482. Springer, Cham. https://doi.org/10.1007/978-3-319-30303-1_9

  • DOI: https://doi.org/10.1007/978-3-319-30303-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30302-4

  • Online ISBN: 978-3-319-30303-1

  • eBook Packages: Computer Science (R0)
