Abstract
Conformity to prudent design principles is an established approach to protocol correctness, although it is not free of limitations. We term goal availability a design principle that is often implicitly followed, which prescribes that protocols aim at principal-centric goals. Adherence to a design principle is normally established through protocol analysis, that is, an evaluation of whether a protocol achieves its goals. However, the literature offers no clear guidance on how to conduct and interpret such an analysis, a process that is left entirely to the analyzer's skill and experience. Goal availability has the desirable feature that its supporting protocol analysis can be precisely guided by what becomes a principle of realistic analysis, which we call guarantee availability. It prescribes that the outcome of the analysis, namely the set of guarantees confirming the protocol goals, be practically applicable by the protocol participants. In consequence, the guarantees must rest on assumptions that the principals have the capacity to verify. Our focus then turns entirely to protocol analysis, because an analysis conforming to guarantee availability signifies that the analyzed protocol conforms to goal availability. Existing analyses of both classical and deployed protocols have been reconsidered with the aim of studying their conformity to guarantee availability. Some experiments clarify the relationships between goal availability and the existing design principles, with particular reference to explicitness. Other experiments demonstrate that strengthening an analysis with guarantee availability generally makes it deeper, unveiling additional protocol niceties that, depending on the analyzer's skill, may otherwise remain overlooked. In particular, an established claim about a protocol (made using a well-known formal method) can be subverted.
Bella, G. The principle of guarantee availability for security protocol analysis. Int. J. Inf. Secur. 9, 83–97 (2010). https://doi.org/10.1007/s10207-009-0097-y