Advertisement

A Comparison between Strand Spaces and Multiset Rewriting for Security Protocol Analysis

  • I. Cervesato
  • N. Durgin
  • P. Lincoln
  • J. Mitchell
  • A. Scedrov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2609)

Abstract

Formal analysis of security protocols is largely based on a set of assumptions commonly referred to as the Dolev-Yao model. Two formalisms that state the basic assumptions of this model are related here: strand spaces [FHG98] and multiset rewriting with existential quantification [CDL+ 99,DLMS99]. Strand spaces provide a simple and economical approach to state-based analysis of completed protocol runs by emphasizing causal interactions among protocol participants. The multiset rewriting formalism provides a very precise way of specifying finite-length protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role, such as client, server, initiator, or responder. Although it is fairly intuitive that these two languages should be equivalent in some way, a number of modifications to each system are required to obtain a meaningful equivalence. We extend the strand formalism with a way of incrementally growing bundles in order to emulate an execution of a protocol with parametric strands. We omit the initialization part of the multiset rewriting setting, which formalizes the choice of initial data, such as shared public or private keys, and which has no counterpart in the strand space setting. The correspondence between the modified formalisms directly relates the intruder theory from the multiset rewriting formalism to the penetrator strands. The relationship we illustrate here between multiset rewriting specifications and strand spaces thus suggests refinements to both frameworks, and deepens our understanding of the Dolev-Yao model.

Keywords

Security Protocol Transition Sequence Strand Space Intruder Model Security Protocol Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [BCJS02]
    Frederic Butler, Iliano Cervesato, Aaron D. Jaggard, and Andre Scedrov. A Formal Analysis of Some Properties of Kerberos 5 Using MSR. In Fifteenth Computer Security Foundations Workshop-CSFW-15, pages 175–190, Cape Breton, NS, Canada, June 2002. IEEE Computer Society Press.Google Scholar
  2. [CDKS00]
    Iliano Cervesato, Nancy Durgin, Max I. Kanovich, and Andre Scedrov. Interpreting Strands in Linear Logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000 Workshop on Formal Methods and Computer Security-FMCS’00, Chicago, IL, July 2000.Google Scholar
  3. [CDL+ 99] Iliano Cervesato, Nancy A. Durgin, Patrick D. Lincoln, John C. Mitchell, and Andre Scedrov. A meta-notation for protocol analysis. In P. Syverson, editor, Proceedings of the 12th IEEE Computer Security Foundations Workshop-CSFW’99, pages 55–69, Mordano, Italy, June 1999. IEEE Computer Society Press.Google Scholar
  4. [CDL+ 00]
    Iliano Cervesato, Nancy A. Durgin, Patrick D. Lincoln, John C. Mitchell, and Andre Scedrov. Relating strands and multiset rewriting for security protocol analysis. In P. Syverson, editor, 13th IEEE Computer Security Foundations Workshop-CSFW’00, pages 35–51, Cambrige, UK, 3-5 July 2000. IEEE Computer Society Press.Google Scholar
  5. [Cer01]
    Iliano Cervesato. Typed MSR: Syntax and Examples. In V.I. Gorodetski, V.A. Skormin, and L.J. Popyack, editors, First International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security-MMM’01, pages 159–177, St. Petersburg, Russia, May 2001. Springer-Verlag LNCS 2052.Google Scholar
  6. [DLMS99]
    Nancy Durgin, Patrick Lincoln, John Mitchell, and Andre Scedrov. Undecidability of bounded security protocols. In N. Heintze and E. Clarke, editors, Proceedings of the Workshop on Formal Methods and Security Protocols-FMSP, Trento, Italy, July 1999. Extended version at ftp://ftp.cis.upenn.edu/pub/papers/scedrov/msr-long.ps.
  7. [DM99]
    Grit Denker and Jonathan K. Millen. CAPSL Intermediate Language. In N. Heintze and E. Clarke, editors, Proceedings of the Workshop on Formal Methods and Security Protocols-FMSP, Trento, Italy, July 1999.Google Scholar
  8. [DY83]
    Danny Dolev and Andrew C. Yao. On the security of public-key protocols. IEEE Transactions on Information Theory, 2(29):198–208, 1983.CrossRefMathSciNetGoogle Scholar
  9. [FHG98]
    F. Javier Thayer Fábrega, Jonathan C. Herzog, and Joshua D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 160–171, Oakland, CA, May 1998. IEEE Computer Society Press.Google Scholar
  10. [FHG99]
    F. Javier Thayer Fábrega, Jonathan C. Herzog, and Joshua D. Guttman. Mixed strand spaces. In P. Syverson, editor, Proceedings of the 12th IEEE Computer Security Foundations Workshop-CSFW’99, pages 72–82, Mordano, Italy, June 1999. IEEE Computer Society Press.Google Scholar
  11. [Man99]
    A. Maneki. Honest functions and their application to the analysis of cryptographic protocols. In P. Syverson, editor, Proceedings of the 12th IEEE Computer Security Foundations Workshop-CSFW’99, pages 83–89, Mordano, Italy, June 1999. IEEE Computer Society Press.Google Scholar
  12. [NS78]
    R.M. Needham and M.D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.zbMATHCrossRefGoogle Scholar
  13. [Son99]
    Dawn Song. Athena: a new efficient automatic checker for security protocol analysis. In Proceedings of the Twelth IEEE Computer Security Foundations Workshop, pages 192–202, Mordano, Italy, June 1999. IEEE Computer Society Press.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • I. Cervesato
    • 1
  • N. Durgin
    • 2
  • P. Lincoln
    • 3
  • J. Mitchell
    • 2
  • A. Scedrov
    • 4
  1. 1.Advanced Engineering and Sciences DivisionITT Industries, Inc.AlexandriaUSA
  2. 2.Computer Science DepartmentStanford UniversityUSA
  3. 3.Computer Science LaboratorySRI InternationalUSA
  4. 4.Mathematics DepartmentUniversity of PennsylvaniaPhiladelphiaUSA

Personalised recommendations