Analyzing Protocol Security Through Information-Flow Control

  • N. V. Narendra KumarEmail author
  • R. K. Shyamasundar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10109)


Security protocols are essential for establishing trust in electronic transactions over open networks. Currently used languages/logics for protocol specifications do not facilitate/force the designer to make explicit goals, intentional assumptions or the preceding history across interactions among the stakeholders. This has resulted in gaps in specifications which in turn have led to problems such as: (i) inefficient/non-optimal protocol designs, (ii) incompatible theoretical attacks discovered by analyzers due to different threat models and (iii) faulty or insecure implementations due to insufficient guidelines for the implementer. We have recently developed the readers-writers flow model (RWFM) that has several benefits, including simple and intuitive labels. In this paper, we demonstrate that the problem of incomplete protocol specification can be overcome by enriching them with labels from RWFM, which make explicit the assumptions and goals at each stage of the protocol. In particular, we use readers and writers as labels for data objects and roles for tracking information flows in a protocol that makes explicit the construction of new messages from components of previous messages and also the knowledge of roles at various stages. We illustrate our approach and demonstrate its advantages in comparison to prominent specification languages in the literature by using the example of Needham-Schroeder public key protocol. Further, we argue how the proposed approach leads to a robust protocol specification language including security/cryptographic protocols that shall be of immense aid to the designer, user and the implementer of protocols.


Security protocols Formal methods Information-flow security 


  1. 1.
    Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Softw. Eng. 22(1), 6–15 (1996). CrossRefGoogle Scholar
  2. 2.
    Abadi, M.: Security protocols and their properties. In: Foundations of Secure Computation, NATO Science Series, pp. 39–60. IOS Press (2000)Google Scholar
  3. 3.
    Anderson, R., Needham, R.: Robustness principles for public key protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 236–247. Springer, Heidelberg (1995). doi: 10.1007/3-540-44750-4_19. Google Scholar
  4. 4.
    Aura, T.: Strategies against replay attacks. In: Proceedings of the 10th Computer Security Foundations Workshop, 1997, pp. 59–68, June 1997Google Scholar
  5. 5.
    Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998). doi: 10.1007/BFb0055716. Google Scholar
  6. 6.
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13(4), 850–864 (1984). MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S.P., Anderson, R.J.: Chip and skim: cloning EMV cards with the pre-play attack. CoRR abs/1209.2531 (2012)Google Scholar
  8. 8.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990). CrossRefzbMATHGoogle Scholar
  9. 9.
    Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Formalanalysis of Kerberos 5. Theor. Comput. Sci. 367(12), 57–87 (2006)., Automated Reasoning for Security Protocol AnalysisMathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    DeMillo, R.A., Lynch, N.A., Merritt, M.J.: Cryptographic protocols. In: Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, STOC 1982, pp. 383–400. ACM, New York (1982)
  11. 11.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Denning, D.E., Sacco, G.M.: Timestamps in key distribution protocols. Commun. ACM 24(8), 533–536 (1981). CrossRefGoogle Scholar
  13. 13.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Inf. Process. Lett. 56(3), 131–133 (1995). CrossRefzbMATHGoogle Scholar
  15. 15.
    Murdoch, S., Drimer, S., Anderson, R., Bond, M.: Chip and pin is broken. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 433–446, May 2010Google Scholar
  16. 16.
    Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). CrossRefzbMATHGoogle Scholar
  17. 17.
    Narendra Kumar, N.V., Shyamasundar, R.K.: Realizing purpose-based privacy policies succinctly via information-flow labels. In: 4th IEEE BDCloud, pp. 753–760. IEEE (2014)Google Scholar
  18. 18.
    Narendra Kumar, N.V., Shyamasundar, R.K.: POSTER: dynamic labelling for analyzing security protocols. In: 22nd ACM CCS, pp. 1665–1667 (2015)Google Scholar
  19. 19.
    Roscoe, A.W.: Intensional specifications of security protocols. In: Proceedings of the 9th IEEE Computer Security Foundations Workshop, 1996, pp. 28–38, June 1996Google Scholar
  20. 20.
    Syverson, P.: Limitations on design principles for public key protocols. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996, pp. 62–72, May 1996Google Scholar
  21. 21.
    Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: Proceedings of the 2nd Conference on Proceedings of the Second USENIX Workshop on Electronic Commerce, vol. 2. WOEC 1996 (1996)Google Scholar
  22. 22.
    Woo, T.Y.C., Lam, S.S.: A lesson on authentication protocol design. SIGOPS Oper. Syst. Rev. 28(3), 24–37 (1994). CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringIndian Institute of Technology BombayMumbaiIndia

Personalised recommendations