
Exploiting Symmetries for Testing Equivalence in the Spi Calculus

  • Ivan Cibrario B.
  • Luca Durante
  • Riccardo Sisto
  • Adriano Valenzano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3299)

Abstract

Testing equivalence is a quite powerful way of expressing security properties of cryptographic protocols, but its formal verification is a difficult task, because it is based on the universal quantification over contexts. A technique based on state exploration to address this verification problem has been previously presented; it relies on an environment-sensitive labelled transition system (ES-LTS) and on symbolic term representation. This paper shows that such a technique can be enhanced by exploiting symmetries found in the ES-LTS structure. Experimental results show that the proposed enhancement can substantially reduce the size of the ES-LTS and that the technique as a whole compares favorably with respect to related work.

Keywords

Model Checker; Canonical Representation; Cryptographic Protocol; State Exploration; Input Event
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Ivan Cibrario B. (1)
  • Luca Durante (1)
  • Riccardo Sisto (2)
  • Adriano Valenzano (1)

  1. IEIIT – CNR
  2. Dipartimento di Automatica e Informatica, Politecnico di Torino, Torino, Italy
