Analyzing Security Protocols in Hierarchical Networks

  • Ye Zhang
  • Hanne Riis Nielson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4218)


Validating security protocols is a well-known hard problem even in a simple setting of a single global network. But a real network often consists of, besides the public-accessed part, several sub-networks and thereby forms a hierarchical structure. In this paper we first present a process calculus capturing the characteristics of hierarchical networks and describe the behavior of protocols on such networks. We then develop a static analysis to automate the validation. Finally we demonstrate how the technique can benefit the protocol development and the design of network systems by presenting a series of experiments we have conducted.


Model Check Hierarchical Network Attack Process Protocol Validation Process Calculus 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Secrecy by typing in security protocols. Journal of the ACM 46(5), 749–786 (1999)MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Nielson, H.R.: Static validation of security protocols. Journal of Computer Security 13(3), 347–390 (2005)Google Scholar
  3. 3.
    Buchholtz, M., Nielson, H.R., Nielson, F.: A calculus for control flow analysis of security protocols. Int. J. Inf. Sec. 2(3-4), 145–167 (2004)Google Scholar
  4. 4.
    Bugliesi, M., Castagna, G., Crafa, S.: Boxed Ambients. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 38–63. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Bugliesi, M., Castagna, G., Crafa, S.: Reasoning about security in mobile ambients. In: Larsen, K.G., Nielsen, M. (eds.) CONCUR 2001. LNCS, vol. 2154, pp. 102–120. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Burrows, M., Abadi, M., Needham, R.M.: A logic of authentication. In: SOSP, pp. 1–13 (1989)Google Scholar
  7. 7.
    Cardelli, L., Gordon, A.D.: Mobile ambients. Theor. Comput. Sci. 240(1), 177–213 (2000)MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Clarke, E.M., Jha, S., Marrero, W.: Verifying security protocols with Brutus. ACM Transactions on Software Engineering and Methodology 9(4), 443–487 (2000)CrossRefGoogle Scholar
  9. 9.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Focardi, R., Gorrieri, R.: A taxonomy of security properties for process algebras. Journal of Computer Security 3(1), 5–34 (1995)Google Scholar
  11. 11.
    Gordon, A.D., Jeffrey, A.: Authenticity by typing for security protocols. Journal of Computer Security 11(4), 451–520 (2003)Google Scholar
  12. 12.
    Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Inf. Process. Lett. 56(3), 131–133 (1995)MATHCrossRefGoogle Scholar
  13. 13.
    Lowe, G.: Breaking and fixing the needham-schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  14. 14.
    Millen, J.K.: The interrogator: A tool for cryptographic protocol security. In: IEEE Symposium on Security and Privacy, pp. 134–141 (1984)Google Scholar
  15. 15.
    Nielson, F., Nielson, H.R., Hansen, R.R.: Validating firewalls using flow logics. Theor. Comput. Sci. 283(2), 381–418 (2002)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Nielson, F., Seidl, H., Nielson, H.R.: A succinct solver for ALFP. Nord. J. Comput. 9(4), 335–372 (2002)MATHMathSciNetGoogle Scholar
  17. 17.
    Nielson, H.R., Nielson, F.: Flow Logic: A multi-paradigmatic approach to static analysis. In: The Essence of Computation, pp. 223–244 (2002)Google Scholar
  18. 18.
    Nielson, H.R., Nielson, F., Buchholtz, M.: Security for Mobility. In: FOSAD, pp. 207–265 (2002)Google Scholar
  19. 19.
    Zhang, Y.: Static analysis for protocol validation in hierarchical networks. Master’s thesis, Technical University of Denmark (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ye Zhang
    • 1
  • Hanne Riis Nielson
    • 1
  1. 1.Informatics and Mathematical ModellingTechnical University of DenmarkKongens LyngbyDenmark

Personalised recommendations