Symbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario

  • Michael Backes
  • Sebastian Mödersheim
  • Birgit Pfitzmann
  • Luca Viganò
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3921)


Web services are an important series of industry standards for adding semantics to web-based and XML-based communication, in particular among enterprises. Like the entire series, the security standards and proposals are highly modular. Combinations of several standards are put together for testing as interoperability scenarios, and these scenarios are likely to evolve into industry best practices. In the terminology of security research, the interoperability scenarios correspond to security protocols. Hence, it is desirable to analyze them for security. In this paper, we analyze the security of the new Secure WS-ReliableMessaging Scenario, the first scenario to combine security elements with elements of another quality-of-service standard. We do this both symbolically and cryptographically. The results of both analyses are positive. The discussion of actual cryptographic primitives of web services security is a novelty of independent interest in this paper.


Security Protocol Security Property Simple Object Access Protocol Symmetric Encryption Cryptographic Primitive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography: The computational soundness of formal encryption. In: Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, pp. 3–22. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Heám, P.-C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Backes, M., Mödersheim, S., Pfitzmann, B., Viganò, L.: Symbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario (Extended Version). Technical Report 502, Department of Computer Science, ETH Zurich (2006), Available at:
  4. 4.
    Backes, M., Pfitzmann, B.: Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In: Proc. 17th IEEE CSFW (2004)Google Scholar
  5. 5.
    Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations (extended abstract). In: Proc. 10th ACM CCS, January 2003, Full version in IACR Cryptology ePrint Archive 2003/015, pp. 220–230 (2003),
  6. 6.
    Backes, M., Pfitzmann, B., Waidner, M.: Symmetric authentication within a simulatable cryptographic library. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 271–290. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Basin, D., Mödersheim, S., Viganò, L.: OFMC: A Symbolic Model-Checker for Security Protocols. International Journal of Information Security 4(3), 181–208 (2005)CrossRefGoogle Scholar
  9. 9.
    Bella, G., Massacci, F., Paulson, L.C.: Verifying the SET Purchase Protocols. Journal of Automated Reasoning (to appear)Google Scholar
  10. 10.
    Bellare, M., Namprempre, C.: Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Bellare, M., Rogaway, P.: Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient constructions. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Bhargavan, K., Corin, R., Fournet, C., Gordon, A.: Secure sessions for web services. In: Proc. ACM Workshop on Secure Web Services (SWS) (2004)Google Scholar
  13. 13.
    Bhargavan, K., Fournet, C., Gordon, A.: A semantics for web service authentication. In: Proc. 31st POPL, pp. 198–209. ACM Press, New York (2004)Google Scholar
  14. 14.
    Bhargavan, K., Fournet, C., Gordon, A.: Verifying policy-based security for web services. In: Proc. 11th ACM CCS, pp. 268–277 (2004)Google Scholar
  15. 15.
    Bhargavan, K., Fournet, C., Gordon, A., Pucella, R.: TulaFale: A security tool for web servics. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 197–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proc. 14th IEEE CSFW, pp. 82–96 (2001)Google Scholar
  17. 17.
    Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Riis Nielson, H.: Static validation of security protocols. Journal of Computer Security 13(3), 347–390 (2005)CrossRefzbMATHGoogle Scholar
  18. 18.
    Box, D., Curbera, F., et al.: Web Services Addressing (WS-Addressing) (August 2004)Google Scholar
  19. 19.
    Box, D., Ehnebuske, D., Kakivaya, G., Layman, A., Mendelsohn, N., Nielsen, H.F., Thatte, S., Winer, D.: Simple object access protocol (SOAP) 1.1 (May 2000)Google Scholar
  20. 20.
    Canetti, R., Herzog, J.: Universally composable symbolic analysis of cryptographic protocols (the case of encryption-based mutual authentication and key exchange). Cryptology ePrint Archive, Report 2004/334 (2004)Google Scholar
  21. 21.
    Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Mantovani, J., Mödersheim, S., Vigneron, L.: A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. In: Proc. Workshop on Specification and Automated Processing of Security Requirements (SAPS 2004), pp. 193–205. Austrian Computer Society (2004)Google Scholar
  22. 22.
    Clark, J., Jacob, J.: A Survey of Authentication Protocol Literature: Version 1.0, 17 November (1997)Google Scholar
  23. 23.
    Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. In: Degano, P. (ed.) ESOP 2003 and ETAPS 2003. LNCS, vol. 2618, pp. 99–113. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Davis, D., Ferris, C., Gajjala, V., Gavrylyuk, K., Gudgin, M., Kaler, C., Langworthy, D., Moroney, M., Nadalin, A., Roots, J., Storey, T., Vishwanath, T., Walte, D.: Secure WS-ReliableMessaging scenarios (April 2005),
  25. 25.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Donovan, B., Norris, P., Lowe, G.: Analyzing a library of security protocols using Casper and FDR. In: Proc. Workshop on Formal Methods and Security Protocols (FMSP 1999) (1999)Google Scholar
  27. 27.
    Ferguson, D.F., Storey, T., Lovering, B., Shewchuk, J.: Secure, reliable, transacted Web Services – architecture and composition (October 2003), Available at:
  28. 28.
    Ferris, C., Langworthy, D., et al.: Web Services Reliable Messaging Protocol (WS-ReliableMessaging) (February 2005)Google Scholar
  29. 29.
    Gordon, A., Pucella, R.: Validating a web service security abstraction by typing. In: Proc. 1st ACM Workshop on XML Security, pp. 18–29 (2002)Google Scholar
  30. 30.
    Gotsman, A., Massacci, F., Pistore, M.: Towards an Independent Semantics and Verification Technology for the HLPSL Specification Language. Electronic Notes in Theoretical Computer Science 135(1), 59–77 (2005)CrossRefzbMATHGoogle Scholar
  31. 31.
    Groß, T., Pfitzmann, B., Sadeghi, A.-R.: Proving a WS-Federation Passive Requestor Profile with a Browser Model. In: Proc. ACM Workshop on Secure Web Services (SWS), pp. 54–64. ACM Press, New York (2005)Google Scholar
  32. 32.
    Gudgin, M., Nadalin, A., et al.: Web Services Secure Conversation Language (WS-SecureConversation) (February 2005)Google Scholar
  33. 33.
    Gudgin, M., Nadalin, A., et al.: Web Services Trust Language (WS-Trust (February 2005)Google Scholar
  34. 34.
    Hur, M., Johnson, R.D., Medvinsky, A., Rouskov, Y., Spellman, J., Weeden, S., Nadalin, A.: Passive Requestor Federation Interop Scenario, Version 0.4 (February 2004),
  35. 35.
    Jacquemard, F., Rusinowitch, M., Vigneron, L.: Compiling and verifying security protocols. In: Parigot, M., Voronkov, A. (eds.) LPAR 2000. LNCS (LNAI), vol. 1955, pp. 131–160. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  36. 36.
    Kaler, C., et al.: Web Services Security (WS-Security), version 1.0 (April 2002)Google Scholar
  37. 37.
    Kleiner, E., Roscoe, A.: On the relationship of traditional and Web Services Security protocols. In: Proceedings of the XXI Mathematical Foundations of Programming Semantics (MFPS 2005). Electronic Notes in Theoretical Computer Science (to appear)Google Scholar
  38. 38.
    Laud, P.: Symmetric encryption in automatic analyses for confidentiality against active adversaries. In: Proc. 25th IEEE Symposium on Security & Privacy, pp. 71–85 (2004)Google Scholar
  39. 39.
    Lowe, G.: A hierarchy of authentication specifications. In: Proc. 10th IEEE CSFW, pp. 31–43 (1997)Google Scholar
  40. 40.
    Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 133–151. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  41. 41.
    Song, D., Berezin, S., Perrig, A.: Athena: a novel approach to efficient automatic security protocol analysis. Journal of Computer Security 9, 47–74 (2001)CrossRefGoogle Scholar
  42. 42.
    Turuani, M.: Sécurité des Protocoles Cryptographiques: Décidabilité et Complexité. Phd, Université Henri Poincaré, Nancy (December 2003)Google Scholar
  43. 43.
    Viganò, L.: Automated Security Protocol Analysis with the AVISPA Tool. In: In Proceedings of the XXI Mathematical Foundations of Programming Semantics (MFPS 2005). Electronic Notes in Theoretical Computer Science (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Michael Backes
    • 1
  • Sebastian Mödersheim
    • 2
  • Birgit Pfitzmann
    • 1
  • Luca Viganò
    • 2
  1. 1.IBM Zurich Research LabSwitzerland
  2. 2.Information Security GroupETH ZurichSwitzerland

Personalised recommendations