A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols

Foundations of Security, Protocols, and Equational Reasoning

Abstract

Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic have made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems.


Notes

  1. Indeed, it was Cathy who suggested that we investigate DB protocols.

  2. For simplicity, we amended only the initiator role, Alice, with a timeout. Since Lowe's attack is an attack against both Alice and Bob, the protocol could similarly be enhanced with another timeout in the responder role that would additionally enable Bob to detect that something is wrong.

  3. Substitution application (\(\mathcal {S}\theta \)) is defined as usual [11], i.e., by mapping time variables in \(\mathcal {S}\) to non-negative real numbers, nonce names to nonce names (renaming of nonces) and term variables to terms.

  4. Instead of such fixed connections of agents to particular channels it is possible to represent agents establishing or dropping connections by additional rules in the model.

  5. In our generalization of protocol theories we might omit the condition \(i \le j\) that was the condition in [10] forcing that protocols proceed in execution.

References

  1. Alturki, M.A., Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Statistical model checking of distance fraud attacks on the Hancke-Kuhn family of protocols. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 60–71. ACM (2018)

  2. Basin, D.A., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. ACM Trans. Inf. Syst. Secur. 14(2), 16 (2011)

  3. Bella, G., Paulson, L.C.: Kerberos version IV: inductive analysis of the secrecy goals. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 361–375. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055875

  4. Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30

  5. Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55–69 (1999)

  6. Cheval, V., Cortier, V.: Timing attacks in security protocols: symbolic framework and proof techniques. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 280–299. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_15

  7. Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_5

  8. Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance Hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy, pp. 113–127 (2012). https://doi.org/10.1109/SP.2012.17

  9. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

  10. Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004)

  11. Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press, Cambridge (1972)

  12. Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007–2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1

  13. Evans, N., Schneider, S.: Analysing time dependent security properties in CSP using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000). https://doi.org/10.1007/10722599_14

  14. Gorrieri, R., Locatelli, E., Martinelli, F.: A simple language for real-time cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 114–128. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36575-3_9. http://dl.acm.org/citation.cfm?id=1765712.1765723

  15. Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SECURECOMM 2005, pp. 67–73 (2005). https://doi.org/10.1109/SECURECOMM.2005.56

  16. Jakubowska, G., Penczek, W.: Modelling and checking timed authentication of security protocols. Fundamenta Informaticae 79(3–4), 363–378 (2007)

  17. Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A.: Bounded memory Dolev-Yao adversaries in collaborative systems. Inf. Comput. 238, 233–261 (2014)

  18. Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Compliance in real time multiset rewriting models. https://arxiv.org/abs/1811.04826

  19. Kanovich, M., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.: Discrete vs. dense times in the analysis of cyber-physical security protocols. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 259–279. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_14

  20. Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Can we mitigate the attacks on distance-bounding protocols by using challenge-response rounds repeatedly? In: FCS (2016)

  21. Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Timed multiset rewriting and the verification of time-sensitive distributed systems. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 228–244. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44878-7_14

  22. Kanovich, M., Rowe, P., Scedrov, A.: Policy compliance in collaborative systems. In: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium, CSF 2009, pp. 218–233. IEEE Computer Society, Washington, DC (2009). https://doi.org/10.1109/CSF.2009.19

  23. Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols (2014). Available in Nigam’s homepage

  24. Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L.: Time, computational complexity, and probability in the analysis of distance-bounding protocols. J. Comput. Secur. 25(6), 585–630 (2017). https://doi.org/10.3233/JCS-0560

  25. Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework and logic for activities subject to regulations. Math. Struct. Comput. Sci. 27(3), 332–375 (2017). https://doi.org/10.1017/S096012951500016X

  26. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: TACAS, pp. 147–166 (1996)

  27. Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26(2), 113–131 (1996). https://doi.org/10.1016/0743-1066(95)00095-X. http://www.sciencedirect.com/science/article/pii/074310669500095X

  28. Meadows, C.: A cost-based framework for analysis of denial of service in networks. J. Comput. Secur. 9(1–2), 143–164 (2001). http://dl.acm.org/citation.cfm?id=374742.374757

  29. Meadows, C.A., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Poovendran, R., Roy, S., Wang, C. (eds.) Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. ADIS, vol. 30, pp. 279–298. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-46276-9_12

  30. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). https://doi.org/10.1145/359657.359659

  31. Nigam, V., Talcott, C., Aires Urquiza, A.: Towards the automated verification of cyber-physical security protocols: bounding the number of timed intruders. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part II. LNCS, vol. 9879, pp. 450–470. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_23

  32. Pavlovic, D., Meadows, C.: Bayesian authentication: quantifying security of the Hancke-Kuhn protocol. Electron. Notes Theoret. Comput. Sci. 265, 97–122 (2010)

  33. Rowe, P.: Policy compliance, confidentiality and complexity in collaborative systems. Ph.D. thesis. University of Pennsylvania (2009)

Acknowledgments

We thank Cathy for her inspiring work, insightful and motivating discussions and for her friendship. Part of this work was done during the visits to the University of Pennsylvania by Alturki, Ban Kirigin, Kanovich, Nigam, and Talcott, which were partially supported by ONR and by the University of Pennsylvania. Ban Kirigin is supported in part by the Croatian Science Foundation under the project UIP-05-2017-9219. Scedrov is partially supported by ONR. Talcott is partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002. Nigam is partially supported by NRL grant N0017317-1-G002, and CNPq grant 303909/2018-8.

Author information

Corresponding author

Correspondence to Carolyn Talcott.

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Alturki, M.A., Ban Kirigin, T., Kanovich, M., Nigam, V., Scedrov, A., Talcott, C. (2019). A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols. In: Guttman, J., Landwehr, C., Meseguer, J., Pavlovic, D. (eds) Foundations of Security, Protocols, and Equational Reasoning. Lecture Notes in Computer Science, vol 11565. Springer, Cham. https://doi.org/10.1007/978-3-030-19052-1_13

  • DOI: https://doi.org/10.1007/978-3-030-19052-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-19051-4

  • Online ISBN: 978-3-030-19052-1

  • eBook Packages: Computer Science, Computer Science (R0)
