A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols

  • Musab A. Alturki
  • Tajana Ban Kirigin
  • Max Kanovich
  • Vivek Nigam
  • Andre Scedrov
  • Carolyn TalcottEmail author
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)


Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic has made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as, distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems.



We thank Cathy for her inspiring work, insightful and motivating discussions and for her friendship. Part of this work was done during the visits to the University of Pennsylvania by Alturki, Ban Kirigin, Kanovich, Nigam, and Talcott, which were partially supported by ONR and by the University of Pennsylvania. Ban Kirigin is supported in part by the Croatian Science Foundation under the project UIP-05-2017-9219. Scedrov is partially supported by ONR. Talcott is partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002. Nigam is partially supported by NRL grant N0017317-1-G002, and CNPq grant 303909/2018-8.


  1. 1.
    Alturki, M.A., Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Statistical model checking of distance fraud attacks on the Hancke-Kuhn family of protocols. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 60–71. ACM (2018)Google Scholar
  2. 2.
    Basin, D.A., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. ACM Trans. Inf. Syst. Secur. 14(2), 16 (2011)CrossRefGoogle Scholar
  3. 3.
    Bella, G., Paulson, L.C.: Kerberos version IV: inductive analysis of the secrecy goals. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 361–375. Springer, Heidelberg (1998). Scholar
  4. 4.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). Scholar
  5. 5.
    Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55–69 (1999)Google Scholar
  6. 6.
    Cheval, V., Cortier, V.: Timing attacks in security protocols: symbolic framework and proof techniques. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 280–299. Springer, Heidelberg (2015). Scholar
  7. 7.
    Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010). Scholar
  8. 8.
    Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance Hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy, pp. 113–127 (2012).
  9. 9.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004)CrossRefGoogle Scholar
  11. 11.
    Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press, Cambridge (1972)zbMATHGoogle Scholar
  12. 12.
    Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007–2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). Scholar
  13. 13.
    Evans, N., Schneider, S.: Analysing time dependent security properties in CSP using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000). Scholar
  14. 14.
    Gorrieri, R., Locatelli, E., Martinelli, F.: A simple language for real-time cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 114–128. Springer, Heidelberg (2003). Scholar
  15. 15.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SECURECOMM 2005, pp. 67–73 (2005).
  16. 16.
    Jakubowska, G., Penczek, W.: Modelling and checking timed authentication of security protocols. Fundamenta Informaticae 79(3–4), 363–378 (2007)MathSciNetzbMATHGoogle Scholar
  17. 17.
    Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A.: Bounded memory Dolev-Yao adversaries in collaborative systems. Inf. Comput. 238, 233–261 (2014)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Compliance in real time multiset rewriting models.
  19. 19.
    Kanovich, M., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.: Discrete vs. dense times in the analysis of cyber-physical security protocols. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 259–279. Springer, Heidelberg (2015). Scholar
  20. 20.
    Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Can we mitigate the attacks on distance-bounding protocols by using challenge-response rounds repeatedly? In: FCS (2016)Google Scholar
  21. 21.
    Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Timed multiset rewriting and the verification of time-sensitive distributed systems. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 228–244. Springer, Cham (2016). Scholar
  22. 22.
    Kanovich, M., Rowe, P., Scedrov, A.: Policy compliance in collaborative systems. In: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium, CSF 2009, pp. 218–233. IEEE Computer Society, Washington, DC (2009).
  23. 23.
    Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols (2014). Available in Nigam’s homepageGoogle Scholar
  24. 24.
    Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L.: Time, computational complexity, and probability in the analysis of distance-bounding protocols. J. Comput. Secur. 25(6), 585–630 (2017). Scholar
  25. 25.
    Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework and logic for activities subject to regulations. Math. Struct. Comput. Sci. 27(3), 332–375 (2017). Scholar
  26. 26.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: TACAS, pp. 147–166 (1996)Google Scholar
  27. 27.
    Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26(2), 113–131 (1996). Scholar
  28. 28.
    Meadows, C.: A cost-based framework for analysis of denial of service in networks. J. Comput. Secur. 9(1–2), 143–164 (2001). Scholar
  29. 29.
    Meadows, C.A., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Poovendran, R., Roy, S., Wang, C. (eds.) Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. ADIS, vol. 30, pp. 279–298. Springer, Boston (2007). Scholar
  30. 30.
    Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). Scholar
  31. 31.
    Nigam, V., Talcott, C., Aires Urquiza, A.: Towards the automated verification of cyber-physical security protocols: bounding the number of timed intruders. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part II. LNCS, vol. 9879, pp. 450–470. Springer, Cham (2016). Scholar
  32. 32.
    Pavlovic, D., Meadows, C.: Bayesian authentication: quantifying security of the Hancke-Kuhn protocol. Electron. Notes Theoret. Comput. Sci. 265, 97–122 (2010)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Rowe, P.: Policy compliance, confidentiality and complexity in collaborative systems. Ph.D. thesis. University of Pennsylvania (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Musab A. Alturki
    • 1
    • 2
  • Tajana Ban Kirigin
    • 3
  • Max Kanovich
    • 4
    • 8
  • Vivek Nigam
    • 5
    • 6
  • Andre Scedrov
    • 7
    • 8
  • Carolyn Talcott
    • 9
    Email author
  1. 1.KFUPMDhahranSaudi Arabia
  2. 2.Runtime Verification Inc.UrbanaUSA
  3. 3.Department of MathematicsUniversity of RijekaRijekaCroatia
  4. 4.University College, LondonLondonUK
  5. 5.Federal University of ParaíbaJoão PessoaBrazil
  6. 6.fortissMunichGermany
  7. 7.University of PennsylvaniaPhiladelphiaUSA
  8. 8.National Research University Higher School of EconomicsMoscowRussia
  9. 9.SRI InternationalMenlo ParkUSA

Personalised recommendations