Formal Analysis of Combinations of Secure Protocols

  • Elliott Blot
  • Jannik DreierEmail author
  • Pascal Lafourcade
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10723)


When trying to prove the security of a protocol, one usually analyzes the protocol in isolation, i.e., in a network with no other protocols. But in reality, there will be many protocols operating on the same network, maybe even sharing data including keys, and an intruder may use messages of one protocol to break another. We call that a multi-protocol attack. In this paper, we try to find such attacks using the Tamarin prover. We analyze both examples that were previously analyzed by hand or using other tools, and find novel attacks.


  1. 1.
    Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Softw. Eng. 22(1), 6–15 (1996)CrossRefGoogle Scholar
  2. 2.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). CrossRefGoogle Scholar
  3. 3.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW 2001, Washington, DC, USA, pp. 82–96. IEEE Computer Society (2001)Google Scholar
  4. 4.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990)CrossRefzbMATHGoogle Scholar
  5. 5.
    Buttyan, L., Staamann, S., Wilhelm, U.: A simple logic for authentication protocol design. In: 11th IEEE Computer Security Foundations Workshop, pp. 153–162. IEEE Computer Society Press (1998)Google Scholar
  6. 6.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2000).
  7. 7.
    Clark, J., Jacob, J.: A survey of authentication protocol literature: version 1.0 (1997)Google Scholar
  8. 8.
    Clark, J.A., Jacob, J.: On the security of recent protocols. Inf. Process. Lett. 56(3), 151–155 (1995)CrossRefzbMATHGoogle Scholar
  9. 9.
    C. Cremers. Feasibility of multi-protocol attacks. In: Proceedings of the First International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, pp. 287–294. IEEE Computer Society (2006)Google Scholar
  10. 10.
    Cremers, C., Mauw, S.: Security properties. In: Operational Semantics and Verification of Security Protocols. ISC, pp. 37–65. Springer, Heidelberg (2012).
  11. 11.
    Cremers, C., Mauw, S., de Vink, E.: Injective synchronisation: an extension of the authentication hierarchy. Theor. Comput. Sci. 367(1), 139–161 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Cremers, C.J.: Unbounded verification, falsification, and characterization of security protocols by pattern refinement. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 119–128. ACM, New York (2008)Google Scholar
  13. 13.
    Denning, D.E., Sacco, G.M.: Timestamps in key distribution protocols. Commun. ACM 24(8), 533–536 (1981)CrossRefGoogle Scholar
  14. 14.
    Durgin, N.A., Mitchell, J.C., Pavlovic, D.: A compositional logic for proving security properties of protocols. J. Comput. Secur. 11(4), 677–722 (2003)CrossRefGoogle Scholar
  15. 15.
    Elliott, B., Dreier, J., Lafourcade, P.: Formal Analysis of Combinations of Secure Protocols (Extended Version). Technical report (2017).
  16. 16.
    Hwang, T., Chen, Y.-H.: On the security of SPLICE/AS - the authentication system in WIDE internet. Inf. Process. Lett. 53(2), 97–101 (1995)CrossRefzbMATHGoogle Scholar
  17. 17.
    Kao, I.-L., Chow, R.: An efficient and secure authentication protocol using uncertified keys. SIGOPS Oper. Syst. Rev. 29(3), 14–21 (1995)CrossRefGoogle Scholar
  18. 18.
    Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998). CrossRefGoogle Scholar
  19. 19.
    Lowe, G.: An attack on the needham-schroeder public-key authentication protocol. Inf. Process. Lett. 56(3), 131–133 (1995)CrossRefzbMATHGoogle Scholar
  20. 20.
    Lowe, G.: A hierarchy of authentication specification. In: 10th Computer Security Foundations Workshop (CSFW 1997), 10–12 June 1997, Rockport, Massachusetts, USA, pp. 31–44. IEEE Computer Society (1997)Google Scholar
  21. 21.
    Lowe, G.: Towards a completeness result for model checking of security protocols. J. comput. secur. 7(2–3), 89–146 (1999)CrossRefGoogle Scholar
  22. 22.
    Mathuria, A., Singh, A.R., Shravan, P.V., Kirtankar, R.: Some new multi-protocol attacks. In: Proceedings of the 15th International Conference on Advanced Computing and Communications, ADCOM 2007, Washington, DC, USA, pp. 465–471. IEEE Computer Society (2007)Google Scholar
  23. 23.
    Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  24. 24.
    Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)CrossRefzbMATHGoogle Scholar
  25. 25.
    Needham, R.M., Schroeder, M.D.: Authentication revisited. SIGOPS Oper. Syst. Rev. 21(1), 7 (1987)CrossRefGoogle Scholar
  26. 26.
    Perrig, A., Song, D.: Looking for diamonds in the desert - extending automatic protocol generation to three-party authentication and key agreement protocols. In: Proceedings of the 13th IEEE Workshop on Computer Security Foundations, CSFW 2000, Washington, DC, USA, pp. 64–76. IEEE Computer Society (2000)Google Scholar
  27. 27.
    Song, D.X., Berezin, S., Perrig, A.: Athena: a novel approach to efficient automatic security protocol analysis. J. Comput. Secur. 9(1–2), 47–74 (2001)CrossRefGoogle Scholar
  28. 28.
    Woo, T.Y.C., Lam, S.S.: A lesson on authentication protocol design. SIGOPS Oper. Syst. Rev. 28(3), 24–37 (1994)CrossRefGoogle Scholar
  29. 29.
    Yamaguchi, S., Okayama, K., Miyahara, H.: The design and implementation of an authentication system for the wide area distributed environment. IEICE Trans. Inf. Syst. 74(11), 3902–3909 (1991)Google Scholar
  30. 30.
    Zhou, H., Foley, S.N.: Fast automatic synthesis of security protocols using backward search. In: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering, FMSE 2003, pp. 1–10. ACM, New York (2003)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Elliott Blot
    • 1
  • Jannik Dreier
    • 2
    Email author
  • Pascal Lafourcade
    • 1
  1. 1.LIMOSUniversity Clermont AuvergneClermont-FerrandFrance
  2. 2.LORIA, Université de Lorraine, INRIA, CNRSNancyFrance

Personalised recommendations