Towards the Automated Verification of Cyber-Physical Security Protocols: Bounding the Number of Timed Intruders

  • Vivek NigamEmail author
  • Carolyn Talcott
  • Abraão Aires Urquiza
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


Timed Intruder Models have been proposed for the verification of Cyber-Physical Security Protocols (CPSP) amending the traditional Dolev-Yao intruder to obey the physical restrictions of the environment. Since to learn a message, a Timed Intruder needs to wait for a message to arrive, mounting an attack may depend on where Timed Intruders are. It may well be the case that in the presence of a great number of intruders there is no attack, but there is an attack in the presence of a small number of well placed intruders. Therefore, a major challenge for the automated verification of CPSP is to determine how many Timed Intruders to use and where should they be placed. This paper answers this question by showing it is enough to use the same number of Timed Intruders as the number of participants. We also report on some preliminary experimental results in discovering attacks in CPSP.


Intrusive Time Intruder Model Distance Bounding Protocols Strand Spaces Protocol Session 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank the anonymous reviewers for their valuable comments and observations. Talcott was partially supported by NSF grant CNS-1318848 and ONR grant N00014-15-1-2202. Nigam and Talcott were partially supported by Capes Science without Borders grant 88881.030357/2013-01. Nigam was partially supported by Capes and CNPq.


  1. 1.
    Arnaud, M., Cortier, V., Delaune, S.: Modeling, verifying ad hoc routing protocols. Inf. Comput. 238, 30–67 (2014). Special Issue on Security and Rewriting TechniquesMathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Basin, D.A., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. ACM Trans. Inf. Syst. Secur. 14(2), 16 (2011)CrossRefGoogle Scholar
  4. 4.
    Cervesato, I.: Data access specification and the most powerful symbolic attacker in MSR. In: Okada, M., Babu, C.S., Scedrov, A., Tokuda, H. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 384–416. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Cheval, V., Cortier, V.: Timing attacks in security protocols: symbolic framework and proof techniques. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 280–299. Springer, Heidelberg (2015)Google Scholar
  6. 6.
    Chothia, T., Garcia, F.D., de Ruiter, J., van den Breekel, J., Thompson, M.: Relay cost bounding for contactless EMV payments. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 189–206. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  7. 7.
    Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude: A High-Performance Logical Framework. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  9. 9.
    Corin, R., Etalle, S., Hartel, P.H., Mader, A.: Timed model checking of security protocols. In: FMSE. ACM (2004)Google Scholar
  10. 10.
    Cremers, C.J.F., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE Symposium on Security and Privacy, SP (2012)Google Scholar
  11. 11.
    Doghmi, S.F., Guttman, J.D., Thayer, F.J.: Searching for shapes in cryptographic protocols. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 523–537. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Doghmi, S.F., Guttman, J.D., Thayer, F.J.: Skeletons, homomorphisms, shapes, characterizing protocol executions. In: Mathematical Foundations of Program Semantics (2007)Google Scholar
  13. 13.
    Durán, F., Eker, S., Escobar, S., Martí-Oliet, N., Meseguer, J., Talcott, C.: Built-in variant generation and unification, and their applications in Maude 2.7. In: Olivetti, N., Tiwari, A. (eds.) IJCAR 2016. LNCS, vol. 9706, pp. 183–192. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-40229-1_13 CrossRefGoogle Scholar
  14. 14.
    Escobar, S., Meadows, C.A., Meseguer, J.: Maude-NPA, cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007/2008/2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Kanovich, M., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.: Discrete vs. dense times in the analysis of cyber-physical security protocols. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 259–279. Springer, Heidelberg (2015)Google Scholar
  16. 16.
    Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols. Available in Nigam’s homepage (2014)Google Scholar
  17. 17.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  18. 18.
    Malladi, S., Bruhadeshwar, B., Kothapalli, K.: Automatic analysis of distance bounding protocols. CoRR, abs/1003.5383 (2010)Google Scholar
  19. 19.
    Meadows, C., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols, authentication logic analysis and collusion attacks. In: Poovendran, R., Roy, S., Wang, C. (eds.) Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. Advances in Information Security, vol. 30, pp. 279–298. Springer, New York (2007)CrossRefGoogle Scholar
  20. 20.
    Millen, J.K.: A necessarily parallel attack. In: Workshop on Formal Methods and Security Protocols (1999)Google Scholar
  21. 21.
    Nigam, V., Talcott, C., Urquiza, A.A.: Towards the automated verification of cyber-physical security protocols, Bounding the number of timed intruders. CoRR, abs/1605.08563 (2016)Google Scholar
  22. 22.
    Nigam, V., Talcott, C., Urquiza, A.A.: (2016)
  23. 23.
    Pavlovic, D., Meadows, C.: Deriving ephemeral authentication using channel axioms. In: Security Protocols, Workshop, pp. 240–261 (2009)Google Scholar
  24. 24.
    Santiago, S., Escobar, S., Meadows, C.A., Meseguer, J.: Effective sequential protocol composition in Maude-NPA. CoRR, abs/1603.00087 (2016)Google Scholar
  25. 25.
    Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7(1), 191–230 (1999)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Vivek Nigam
    • 1
    Email author
  • Carolyn Talcott
    • 2
  • Abraão Aires Urquiza
    • 1
  1. 1.Federal University of ParaíbaJoão PessoaBrazil
  2. 2.SRI InternationalMenlo ParkUSA

Personalised recommendations