A State-Exploration Technique for Spi-Calculus Testing-Equivalence Verification
Several verification techniques based on theorem proving have been developed for the verification of security properties of cryptographic protocols specified by means of the spi calculus. However, to be used successfully, such powerful techniques require skilled users. Here we introduce a different technique which can overcome this drawback by allowing users to carry out the verification task in a completely automatic way. It is based on the definition of an extended labeled transition system, where transitions are labeled by means of the new knowledge acquired by the external environment as the result of the related events. By means of bounding the replication of parallel processes to a finite number, and by using an abstract representation of all explicitly allowed values in interactions between the spi process and the environment, the number of states and transitions remains finite and tractable, thus enabling the use of state-space exploration techniques for performing verification automatically.
KeywordsSpi Calculus Cryptographic Protocols Testing Equivalence.
- M. Abadi, and A. D. Gordon, “A bisimulation method for cryptographic protocols”, Nordic Journal of Computing,Vol. 5, pp. 267–303, 1998. 170 L. Durante, R. Sisto and A. Valenzano Google Scholar
- M. Boreale, R. De Nicola, and R. Pugliese, “Proof Techniques for Cryptographic Processes”, Proc. of the 14th IEEE Symposium Logic In Computer Science (LICS’99), IEEE Computer Society Press, pp. 157–166, 1999.Google Scholar
- G. Lowe, “Breaking and fixing the Needham-Schroeder public-key protocol using FDR”, Proc. of TACAS’97, Springer LNCS 1055, 1996.Google Scholar
- G.Lowe, “Casper: a compiler for the analysis of security protocols”, Proc. of 1996 IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, 1996.Google Scholar
- G. Lowe, B. Roscoe, “Using CSP to Detect Errors in the TMN Protocol”, IEEE Transactions on Software Engineering, Vol. SE-23, No. 10, pp. 659–669, October 1997.Google Scholar
- J. K. Millen, S. C. Clark, and S. B. Freedman, “The Interrogator: Protocol Security Analysis”, IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, pp. 274–288, February 1987.Google Scholar
- R. Milner, J. Parrow, and D. Walker, “A Calculus of mobile processes, parts I and II”, Information and Computation, pages 1–40 and 41–77, September 1992.Google Scholar
- L. C. Paulson, “The inductive approach to verifying cryptographic protocols”, Journal of Computer Security, Vol. 6, pp. 85–128, 1998.Google Scholar
- S. Schneider, “Verifying Authentication Protocols in CSP”, IEEE Transactions on Software Engineering, Vol. SE-24, No. 9, pp. 741–758, September 1998.Google Scholar
- L. Durante, R. Sisto, and A. Valenzano, “A state-exploration technique for spi-calculus testing equivalence verification”, Technical Report DAI/ARC 1–00, Politecnico di Torino, Italy, 2000.Google Scholar