Journal of Computer Science and Technology, Volume 21, Issue 6, pp 932–943

Verification of Authentication Protocols for Epistemic Goals via SAT Compilation

  • Kai-Le Su
  • Qing-Liang Chen
  • Abdul Sattar
  • Wei-Ya Yue
  • Guan-Feng Lv
  • Xi-Zhong Zheng
Regular Paper


This paper introduces a new methodology that uses knowledge structures, a specific form of Kripke semantics for epistemic logic, to analyze communication protocols over hostile networks. The paper focuses in particular on the automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficult-to-establish justifications. The proposed methodology differs from many previous approaches to the automatic verification of security protocols in that it is justification-oriented rather than falsification-oriented, i.e., rather than aimed at finding bugs in a protocol. The main idea rests on two observations: a principal executing a run of the protocol can be separated from the role it plays in the protocol, and a principal's knowledge can be inferred from that principal's local observations. We show analytically and empirically that this model can be easily reduced to the Satisfiability (SAT) problem and efficiently implemented with a modern SAT solver.


Keywords: authentication protocol, formal verification, knowledge structure, SAT





Copyright information

© Springer Science + Business Media, Inc. 2006

Authors and Affiliations

  • Kai-Le Su (1, 2)
  • Qing-Liang Chen (1, 4)
  • Abdul Sattar (2)
  • Wei-Ya Yue (1)
  • Guan-Feng Lv (3)
  • Xi-Zhong Zheng (4)
  1. Department of Computer Science, Sun Yat-Sen University, Guangzhou, P.R. China
  2. Institute for Integrated and Intelligent Systems, Griffith University, Brisbane, Qld, Australia
  3. College of Computer Science and Technology, Beijing University of Technology, Beijing, P.R. China
  4. Department of Computer Science, Brandenburg University of Technology, Cottbus, Germany
