
An On-the-Fly Model-Checker for Security Protocol Analysis

  • David Basin
  • Sebastian Mödersheim
  • Luca Viganò
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2808)

Abstract

We introduce the on-the-fly model-checker OFMC, a tool that combines two methods for analyzing security protocols. The first is the use of lazy data-types as a simple way of building an efficient on-the-fly model checker for protocols with infinite state spaces. The second is the integration of symbolic techniques for modeling a Dolev-Yao intruder, whose actions are generated in a demand-driven way. We present experiments that demonstrate that our tool is state-of-the-art, both in terms of coverage and performance, and that it scales well to industrial-strength protocols.



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • David Basin (1)
  • Sebastian Mödersheim (1)
  • Luca Viganò (1)
  1. Department of Computer Science, ETH Zurich, Zurich, Switzerland
