Lazy Infinite-State Analysis of Security Protocols

  • David Basin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1740)


Security protocols are used to exchange information in a Distributed system with the aim of providing security guarantees. We Present an approach to modeling security protocols using lazy data types in a higher-order functional programming language. Our approach supports the formalization of protocol models in a natural and high-level way, and the automated analysis of safety properties using infinite-state model checking, where the model is explicitly constructed in a demand-driven manner. We illustrate these ideas with an extended example: modeling and checking the Needham-Schroeder public-key authentication protocol.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. R. Anderson and R. Needham. Programming Satan’s computer. In Commputer Science Today, volume 1000 of LNCS, pages 426–441. Springer-Verlag, 1995.CrossRefGoogle Scholar
  2. Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions in Computer Systems, 8(1):18–36, 1990.CrossRefGoogle Scholar
  3. John Clark and Jeremy Jacob. A survey of authentication protocol literature: Version 1.0. Available at the URL>.
  4. G. Denker, J. Meseguer, and C. Talcott. Protocol specification and analysis in Maude. In N. Heintze and J. Wing, editors Proceedings of the Workshop on Formal Methods and Security Protocols, pages 939–944, Indianapolis, Indiana, June 1998.Google Scholar
  5. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29:198–208, 1983.zbMATHCrossRefMathSciNetGoogle Scholar
  6. Dan P. Friedman and David S. Wise. Cons should not evaluate its arguments. In S. Michaelson and R. Milner, editors, Automata, Languages and Programming, pages 257–284. Edinburgh University Press, 1976.Google Scholar
  7. Nevin Heintze, J.D. Tygar, Jeannette M. Wing, and Hao-Chi Wong. Model checking electronic commerce protocols. In Proceedings of the UNISEX 1996 Workshop on Electronic Commerce, 1996.Google Scholar
  8. P. Hudak, S. Peyton Jones, and P. Wadler (Editors). Report on the programming language Haskell: A non-strict, purely functional language (version 1.2). ACM SIGPLAN Notices, 27(5), 1992Google Scholar
  9. Richard Kemmerer, Catherine Meadows, and Jonathan Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79–130, 1994.zbMATHCrossRefGoogle Scholar
  10. Gawin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proceedings of TACAS’96, LNCS 1055. pages 147–166. Springer, Berlin, 1996.Google Scholar
  11. Wenbo Mao. An augmentation of BAN-like logics. In Proceedings of the 8th IEEE Computer Security Foundations of Workshop, pages 44–56. IEEE Computer Society Press, 1995.Google Scholar
  12. W. Marrerp. E. Clarke, and S. Jha. Model checking for security protocols. In Proceedings of the DIMACS Workshop on Design and Verification of Security Protocols. 1997.Google Scholar
  13. Jonathan K. Millen, S.C. Clark, and S.B. Freedman. The Interrogator: Protocol security analysis. IEEE Transactions on Software Engineering, 13(2):274–288, 1987.CrossRefGoogle Scholar
  14. Roger M. Needham and Michael D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.zbMATHCrossRefGoogle Scholar
  15. Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–125, 1998.Google Scholar
  16. A.W. Roscoe. Modelling and verifying key-exchange protocols using CSP and FDR. In Proceedings of 1995 IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1995.Google Scholar
  17. Steve Schneider. Verifying authentication protocols in CSP. IEEE Transactions on Software Engineering, 24(9):741–758, 1998.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • David Basin
    • 1
  1. 1.Institut für InformatikUniversität FreiburgGermany

Personalised recommendations