A State-Exploration Technique for Spi-Calculus Testing-Equivalence Verification

  • Luca Durante
  • Riccardo Sisto
  • Adriano Valenzano
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 55)


Several verification techniques based on theorem proving have been developed for the verification of security properties of cryptographic protocols specified by means of the spi calculus. However, to be used successfully, such powerful techniques require skilled users. Here we introduce a different technique which can overcome this drawback by allowing users to carry out the verification task in a completely automatic way. It is based on the definition of an extended labeled transition system, where transitions are labeled by means of the new knowledge acquired by the external environment as the result of the related events. By means of bounding the replication of parallel processes to a finite number, and by using an abstract representation of all explicitly allowed values in interactions between the spi process and the environment, the number of states and transitions remains finite and tractable, thus enabling the use of state-space exploration techniques for performing verification automatically.


Spi Calculus Cryptographic Protocols Testing Equivalence. 


  1. [1]
    M. Abadi, and A. D. Gordon, “A Calculus for Cryptographic Protocols The Spi Calculus”, Digital Research Report, vol. 149, January 1998, pp. 1–110.MATHGoogle Scholar
  2. [2]
    M. Abadi, and A. D. Gordon, “A bisimulation method for cryptographic protocols”, Nordic Journal of Computing,Vol. 5, pp. 267–303, 1998. 170 L. Durante, R. Sisto and A. Valenzano Google Scholar
  3. [3]
    M. Boreale, R. De Nicola, and R. Pugliese, “Proof Techniques for Cryptographic Processes”, Proc. of the 14th IEEE Symposium Logic In Computer Science (LICS’99), IEEE Computer Society Press, pp. 157–166, 1999.Google Scholar
  4. [4]
    G. Lowe, “Breaking and fixing the Needham-Schroeder public-key protocol using FDR”, Proc. of TACAS’97, Springer LNCS 1055, 1996.Google Scholar
  5. [5]
    G.Lowe, “Casper: a compiler for the analysis of security protocols”, Proc. of 1996 IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, 1996.Google Scholar
  6. [6]
    G. Lowe, B. Roscoe, “Using CSP to Detect Errors in the TMN Protocol”, IEEE Transactions on Software Engineering, Vol. SE-23, No. 10, pp. 659–669, October 1997.Google Scholar
  7. [7]
    J. K. Millen, S. C. Clark, and S. B. Freedman, “The Interrogator: Protocol Security Analysis”, IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, pp. 274–288, February 1987.Google Scholar
  8. [8]
    G. Leduc, O. Bonaventure, L. Léonard, E. Koerner, and C. Pecheur, “Model-Based Verification of a Security Protocol for Conditional Access to Services”, Formal Methods in System Design, Vol. 14, No. 2, pp. 171–191, March 1999.CrossRefGoogle Scholar
  9. [9]
    R. Milner, J. Parrow, and D. Walker, “A Calculus of mobile processes, parts I and II”, Information and Computation, pages 1–40 and 41–77, September 1992.Google Scholar
  10. [10]
    L. C. Paulson, “The inductive approach to verifying cryptographic protocols”, Journal of Computer Security, Vol. 6, pp. 85–128, 1998.Google Scholar
  11. [11]
    S. Schneider, “Verifying Authentication Protocols in CSP”, IEEE Transactions on Software Engineering, Vol. SE-24, No. 9, pp. 741–758, September 1998.Google Scholar
  12. [12]
    L. Durante, R. Sisto, and A. Valenzano, “A state-exploration technique for spi-calculus testing equivalence verification”, Technical Report DAI/ARC 1–00, Politecnico di Torino, Italy, 2000.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2000

Authors and Affiliations

  • Luca Durante
    • 1
  • Riccardo Sisto
    • 1
  • Adriano Valenzano
    • 2
  1. 1.Dipartimento di Automatica e InformaticaPolitecnico di TorinoTorinoItaly
  2. 2.Istituto di Ricerca sull’Ingegneria delle Telecomunicazioni e dell’InformazionePolitecnico di TorinoTorinoItaly

Personalised recommendations