Verification of Authentication Protocols for Epistemic Goals via SAT Compilation
This paper introduces a new methodology that uses knowledge structures, a specific form of Kripke semantics for epistemic logic, to analyze communication protocols over hostile networks. The paper focuses in particular on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficult-to-establish justifications. The proposed methodology differs from many previous approaches to automatic verification of security protocols in that it is justification-oriented rather than falsification-oriented (i.e., aimed at finding bugs in a protocol). The main idea is based on observations: separating a principal executing a run of a protocol from the role in the protocol, and inferring a principal’s knowledge from the local observations of the principal. We show analytically and empirically that this model can be easily reduced to the Satisfiability (SAT) problem and efficiently implemented with a modern SAT solver.
Keywords: authentication protocol, formal verification, knowledge structure, SAT