Automatic Verification for Later-Correspondence of Security Protocols

  • Xiaofei Xie
  • Xiaohong LiEmail author
  • Yang Liu
  • Li Li
  • Ruitao Feng
  • Zhiyong Feng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8979)


Ensuring correspondence is very important and useful in designing security protocols. Previously, many research works focus on the verification of former-correspondence which means “if the protocol executes some event, then it must have executed some other events before”. However, in some security protocols, it is also important to ensure the engagement of some events after an event happens. In this work, we propose a new property called later-correspondence, which is very useful for e-commerce protocols. The applied \(\pi \)-calculus is extended to specify the protocols. A simplified intruder model is proposed for modeling the intruder capabilities which includes the malicious behaviors of both protocol agents and intruders. The later-correspondence is verified based on the Labeled Transition System (LTS) using model checking. In order to avoid the states explosion, we limit the number of protocol sessions and reduce most of the useless messages from the intruder knowledge with message pattern filtering. We implement our method in a model checker PAT [23] and the verification results show that our method can verify later-correspondence in an effective way.


Model Check Operational Semantic Security Protocol Label Transition System Exchange Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was supported in part by the National Science Foundation of China (No. 91118003, 61272106, 61003080) and 985 funds of Tianjin University.


  1. 1.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Proc. R. Soc. Lond. A 426, 233–271 (1989)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Lowe, G.: Breaking and fixing the needham-schroeder public-key protocol using FDR. In: Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems, pp. 147–166 (1989)Google Scholar
  3. 3.
    Xie, X.F., Li, X.H., Cao, K.Y., Feng, Z.Y.: Security modeling based on CSP for network protocol. Int. J. Digit. Content Technol. Appl. 6, 496–504 (2012)Google Scholar
  4. 4.
    Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 160–171 (1998)Google Scholar
  5. 5.
    Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7, 191–230 (1999)Google Scholar
  6. 6.
    Bella, G., Paulson, L.C.: Using Isabelle to prove properties of the Kerberos authentication system. In: DIMACS Workshop on Design and Formal Verification of Security Protocols (1997)Google Scholar
  7. 7.
    Athena, D.X.S.: A New efficient automatic checker for security protocol analysis.In: Computer Security Foundations Workshop, pp. 192–202 (1999)Google Scholar
  8. 8.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In:Computer Security Foundations Workshop, pp. 82–96 (2001)Google Scholar
  9. 9.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  10. 10.
    Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26, 113–131 (1996)CrossRefzbMATHGoogle Scholar
  11. 11.
    Sun, J., Liu, Y., Dong, J.S.: Model checking CSP revisited: introducing a process analysis toolkit. In: Margaria, T., Steffen, B. (eds.) ISoLA 2008. CCIS, vol. 17, pp. 307–322. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Mitchell, J.C., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using Murphi. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 141–151. IEEE Computer Society Press (1997)Google Scholar
  13. 13.
    Hoare, C.: Communicating Sequential Processes. International Series in Computer Science. Prentice-Hall, Upper Saddle River (1985) zbMATHGoogle Scholar
  14. 14.
    Gordon, A., Jeffrey, A.: Authenticity by typing for security protocols. J. Comput. Secur. 11, 451–519 (2003)Google Scholar
  15. 15.
    Gordon, A., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. J. Comput. Secur. 12, 435–484 (2004)Google Scholar
  16. 16.
    Gordon, A.D., Hüttel, H., Hansen, R.R.: Type inference for correspondence types. In: 6th International Workshop on Security Issues in Concurrency (2008)Google Scholar
  17. 17.
    Bugliesi, M., Focardi, R., Maffei, M.: Analysis of typed analyses of authentication protocols. In: Proceedings 18th IEEE Computer Security Foundations Workshop, pp. 112–125 (2005)Google Scholar
  18. 18.
    Bugliesi, M., Focardi, R., Maffei, M.: Dynamic types for authentication. J. Comput. Secur. 15, 563–617 (2007)Google Scholar
  19. 19.
    Cremers, C., Mauw, S., de Vink, E.: Defining authentication in a trace model. In: Proceedings of the First International Workshop on Formal Aspects in Security and Trust, pp. 131–145 (2003)Google Scholar
  20. 20.
    Corin, R., Saptawijaya, A., Etalle, S.: A logic for constraint based security protocol analysis. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 155–168 (2006)Google Scholar
  21. 21.
    Schmidt, B., Meier, S., Cremers, C., Basin, D.: Automated analysis of Difie-Hellman protocols and advanced security properties. In: Computer Security Foundations Symposium (CSF), pp. 78–94 (2012)Google Scholar
  22. 22.
    Tuan, L.A., Sun, J., Liu, Y., Dong, J.S., Li, X.H., Tho, Q.T.: SEVE: automatic tool for verification of security protocols. Front. Comput. Sci. Spec. Issue Form. Eng. Method 6, 57–75 (2012)zbMATHGoogle Scholar
  23. 23.
    Liu, Y., Sun, J., Dong, J.S.: Developing model checkers using PAT. In: Bouajjani, A., Chin, W.-N. (eds.) ATVA 2010. LNCS, vol. 6252, pp. 371–377. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  24. 24.
    Blanchet, B.: Automatic verification of correspondences for security protocols. J. Comput. Secur. 17, 363–434 (2009)Google Scholar
  25. 25.
    Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols. In: IEEE Symposium on Security and Privacy, pp. 178–194 (1993)Google Scholar
  26. 26.
    Dolev, D., Yao, A.C.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2, 198–208 (1983)CrossRefMathSciNetGoogle Scholar
  27. 27.
    Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols. IOS Press, Amsterdam (2011)Google Scholar
  28. 28.
    Clark, J.A., Jacob, J.L.: A survey of authentication protocol literature: version 1.0 (1997).
  29. 29.
    Zhang, Q., Zhang, L., et al.: A new certified E-mail protocol based on signcrytion. J. Univ. Electron. Sci. Technol. China 37, 282–284 (2008)Google Scholar
  30. 30.
    Blanchet, B., Smyth, B.: ProVerif 1.86pl3: automatic cryptographic protocol verifier, user manual and tutorial (2011).

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Xiaofei Xie
    • 1
  • Xiaohong Li
    • 1
    Email author
  • Yang Liu
    • 2
  • Li Li
    • 3
  • Ruitao Feng
    • 1
  • Zhiyong Feng
    • 1
  1. 1.School of Computer Science and TechnologyTianjin UniversityTianjinChina
  2. 2.School of Computer EngineeringNanyang Technological UniversitySingaporeSingapore
  3. 3.School of ComputingNational University of SingaporeSingaporeSingapore

Personalised recommendations