Symbolic Timed Trace Equivalence

  • Vivek Nigam
  • Carolyn Talcott
  • Abraão Aires Urquiza
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)


Intruders can infer properties of a system by measuring the time it takes for the system to respond to some request of a given protocol, that is, by exploiting time side channels. These properties may help intruders distinguish whether a system is a honeypot or a concrete system, helping them avoid defense mechanisms, or track a user among others, violating his privacy. Observational and trace equivalence are technical machineries used for verifying whether two systems are distinguishable. Automating the check for trace equivalence suffers from the state-space explosion problem. Symbolic verification is used to mitigate this problem, allowing for the verification of relatively large systems. This paper introduces a novel definition of timed trace equivalence based on symbolic time constraints. Protocol verification problems can then be reduced to problems solvable by off-the-shelf SMT solvers. We implemented such machinery in Maude and carried out a number of experiments demonstrating the feasibility of our approach.



We thank the anonymous reviewer for careful reading and helpful suggestions for improvement. Nigam was partially supported by NRL grant N0017317-1-G002 and by CNPq grant 303909/2018-8. Talcott was partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Vivek Nigam (1, 2)
  • Carolyn Talcott (3)
  • Abraão Aires Urquiza (1)

  1. Federal University of Paraíba, João Pessoa, Brazil
  2. fortiss GmbH, Munich, Germany
  3. SRI International, Menlo Park, USA
