An Improved Constraint-Based System for the Verification of Security Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2477)

Abstract

We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov [30]. Our system features (1) a significantly more efficient implementation, (2) monotonic behavior, which also allows the detection of flaws associated with partial runs, and (3) a more expressive syntax, in which a principal may also perform explicit checks. In this paper we also show why these improvements yield a more effective and practical system.

References

  1. M. Abadi and B. Blanchet. Secrecy types for asymmetric communication. In F. Honsell and M. Miculan, editors, Proc. Foundations of Software Science and Computation Structures (FoSSaCS 2001), volume 2030 of LNCS, pages 25–41. Springer-Verlag, 2001.

  2. M. Abadi and B. Blanchet. Analyzing Security Protocols with Secrecy Types and Logic Programs. In 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002), pages 33–44, Portland, Oregon, 2002. ACM Press.

  3. L. C. Aiello and F. Massacci. Verifying security protocols as planning in logic programming. Transactions on Computational Logic, 2(4):542–580, 2001.

  4. K. R. Apt. From Logic Programming to Prolog. International Series in Computer Science. Prentice Hall, 1997.

  5. D. Basin. Lazy infinite-state analysis of security protocols. In R. Baumgart, editor, Secure Networking - CQRE (Secure) ’99, International Exhibition and Congress, volume 1740 of LNCS, pages 30–42. Springer-Verlag, 1999.

  6. G. Bella and L. C. Paulson. Kerberos version IV: Inductive analysis of the secrecy goals. In J.-J. Quisquater, editor, Proc. 5th European Symposium on Research in Computer Security, volume 1485 of LNCS, pages 361–375, Louvain-la-Neuve, Belgium, 1998. Springer-Verlag.

  7. B. Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In S. Schneider, editor, Proc. 14th IEEE Computer Security Foundations Workshop, 2001.

  8. M. Boreale. Symbolic trace analysis of cryptographic protocols. In 28th Colloquium on Automata, Languages and Programming (ICALP), LNCS, pages 667–681. Springer-Verlag, 2001.

  9. M. Bozzano. Ensuring security through model checking in a logical environment (preliminary results). In G. Delzanno, S. Etalle, and M. Gabbrielli, editors, Proc. Workshop on Specification, Analysis and Validation for Emerging Technologies (SAVE01), 2001.

  10. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18–36, 1990.

  11. I. Cervesato, N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. A meta-notation for protocol analysis. In PCSFW: Proc. 12th Computer Security Foundations Workshop, pages 55–69. IEEE Computer Society Press, 1999.

  12. I. Cervesato, N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. Relating strands and multiset rewriting for security protocol analysis. In PCSFW: Proc. 13th Computer Security Foundations Workshop, pages 35–51. IEEE Computer Society Press, 2000.

  13. Y. Chevalier, F. Jacquemard, M. Rusinowitch, M. Turuani, and L. Vigneron. CASRUL web site. http://www.loria.fr/equipes/protheo/SOFTWARES/CASRUL/.

  14. Y. Chevalier and L. Vigneron. A tool for lazy verification of security protocols. In Proc. 16th IEEE International Conference Automated Software Engineering, 2001.

  15. Y. Chevalier and L. Vigneron. Towards efficient automated verification of security protocols. In Proc. VERIF01, Verification Workshop in conjunction with IJCAR, pages 19–33, 2001.

  16. J. Clark and J. Jacob. A survey of authentication protocol literature: Version 1.0. http://www.cs.york.ac.uk/jac/papers/drareview.ps.gz, 1997.

  17. G. Delzanno and S. Etalle. Proof theory, transformations, and logic programming for debugging security protocols. In A. Pettorossi, editor, Proc. Eleventh International Workshop on Logic Program Synthesis and Transformation (LOPSTR 2001), LNCS, pages 76–91. Springer-Verlag, 2002.

  18. G. Denker, J. Meseguer, and C. Talcott. Protocol specification and analysis in Maude. In N. Heintze and J. Wing, editors, Proc. of Workshop on Formal Methods and Security Protocols, 1998.

  19. D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.

  20. M. Fiore and M. Abadi. Computing symbolic models for verifying cryptographic protocols, 2001.

  21. J.C. Herzog, F.T. Fabrega, and J.D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of The 1998 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1998.

  22. A. Huima. Efficient infinite-state analysis of security protocols. In Proc. Workshop Formal Methods and Security Protocols (FLOC 1999), 1999.

  23. F. Jacquemard, M. Rusinowitch, and L. Vigneron. Compiling and verifying security protocols. In M. Parigot and A. Voronkov, editors, Proc. LPAR: International Conference on Logic for Programming and Automated Reasoning, number 1955 in LNCS, pages 131–160. Springer-Verlag, 2000.

  24. J. W. Lloyd. Foundations of Logic Programming. Symbolic Computation-Artificial Intelligence. Springer-Verlag, Berlin, 1987. Second edition.

  25. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 1055, pages 147–166. Springer-Verlag, Berlin Germany, 1996.

  26. G. Lowe. Some new attacks upon security protocols. In PCSFW: Proceedings of The 9th Computer Security Foundations Workshop. IEEE Computer Society Press, 1996.

  27. G. Lowe. Casper: A compiler for the analysis of security protocols. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW ’97), pages 18–30. IEEE, 1997.

  28. C. Meadows. Formal verification of cryptographic protocols: A survey. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology - ASIACRYPT ’94, LNCS, pages 133–150. Springer-Verlag, 1995.

  29. C. Meadows. The NRL protocol analyzer: An overview. Journal of Logic Programming, 26(2):113–131, 1996.

  30. J. Millen and V. Shmatikov. Constraint solving for bounded-process cryptographic protocol analysis. In Proc. 2001 ACM Conference on Computer and Communication Security, pages 166–175. ACM press, 2001.

  31. J. K. Millen, S. C. Clark, and S. B. Freedman. The Interrogator: Protocol security analysis. IEEE Transactions on Software Engineering, 13(2):274–288, February 1987. Special Issue on Computer Security and Privacy.

  32. J. C. Mitchell, M. Mitchell, and U. Stern. Automated analysis of cryptographic protocols using Murφ. In Proceedings of the 1997 Conference on Security and Privacy, pages 141–153. IEEE Press, 1997.

  33. L. C. Paulson. Mechanized proofs of security protocols: Needham-Schroeder with public keys. Technical Report 413, University of Cambridge, Computer Laboratory, January 1997.

  34. L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–128, 1998.

  35. A. W. Roscoe. Modelling and verifying key-exchange protocols using CSP and FDR. In IEEE Symposium on Foundations of Secure Systems, 1995.

  36. A. W. Roscoe. The Theory and Practice of Concurrency. Prentice-Hall, 1999.

  37. M. Rusinowitch and M. Turuani. Protocol insecurity with finite number of sessions is NP-complete. In S. Schneider, editor, Proc. 14th IEEE Computer Security Foundations Workshop, 2001.

  38. P. Ryan, S. Schneider, M. Goldsmith, G. Lowe, and B. Roscoe. Modelling and analysis of security protocols, 2001.

  39. D. X. Song, S. Berezin, and A. Perrig. Athena: A novel approach to efficient automatic security protocol analysis. Journal of Computer Security, 9(1/2):47–74, 2001.

  40. T.Y.C. Woo and S. S. Lam. A lesson on authenticated protocol design. Operating Systems Review, 28(3):24–37, 1994.

  41. J. Zhou and D. Gollmann. An efficient non-repudiation protocol. In Proceedings of the 10th Computer Security Foundations Workshop (CSFW ’97), pages 126–132, 1997.

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Corin, R., Etalle, S. (2002). An Improved Constraint-Based System for the Verification of Security Protocols. In: Hermenegildo, M.V., Puebla, G. (eds) Static Analysis. SAS 2002. Lecture Notes in Computer Science, vol 2477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45789-5_24

  • DOI: https://doi.org/10.1007/3-540-45789-5_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44235-6

  • Online ISBN: 978-3-540-45789-3

  • eBook Packages: Springer Book Archive
