Abstract
Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic have made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as distance-bounding protocols and denial-of-service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems.
Notes
1. Indeed, it was Cathy who suggested that we investigate DB protocols.
2. For simplicity, we amended only the initiator role, Alice, with a timeout. Since Lowe's attack is an attack against both Alice and Bob, the protocol could similarly be enhanced with another timeout in the responder role that would additionally enable Bob to detect that something is wrong.
3. Substitution application (\(\mathcal {S}\theta \)) is defined as usual [11], i.e., by mapping time variables in \(\mathcal {S}\) to non-negative real numbers, nonce names to nonce names (renaming of nonces) and term variables to terms.
4. Instead of such fixed connections of agents to particular channels, it is possible to represent agents establishing or dropping connections by additional rules in the model.
5. In our generalization of protocol theories we might omit the condition \(i \le j\), which was the condition in [10] forcing protocols to proceed in execution.
References
Alturki, M.A., Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Statistical model checking of distance fraud attacks on the Hancke-Kuhn family of protocols. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 60–71. ACM (2018)
Basin, D.A., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. ACM Trans. Inf. Syst. Secur. 14(2), 16 (2011)
Bella, G., Paulson, L.C.: Kerberos version IV: inductive analysis of the secrecy goals. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 361–375. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055875
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30
Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55–69 (1999)
Cheval, V., Cortier, V.: Timing attacks in security protocols: symbolic framework and proof techniques. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 280–299. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_15
Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_5
Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance Hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy, pp. 113–127 (2012). https://doi.org/10.1109/SP.2012.17
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004)
Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press, Cambridge (1972)
Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007–2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1
Evans, N., Schneider, S.: Analysing time dependent security properties in CSP using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000). https://doi.org/10.1007/10722599_14
Gorrieri, R., Locatelli, E., Martinelli, F.: A simple language for real-time cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 114–128. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36575-3_9. http://dl.acm.org/citation.cfm?id=1765712.1765723
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SECURECOMM 2005, pp. 67–73 (2005). https://doi.org/10.1109/SECURECOMM.2005.56
Jakubowska, G., Penczek, W.: Modelling and checking timed authentication of security protocols. Fundamenta Informaticae 79(3–4), 363–378 (2007)
Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A.: Bounded memory Dolev-Yao adversaries in collaborative systems. Inf. Comput. 238, 233–261 (2014)
Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Compliance in real time multiset rewriting models. https://arxiv.org/abs/1811.04826
Kanovich, M., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.: Discrete vs. dense times in the analysis of cyber-physical security protocols. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 259–279. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_14
Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Can we mitigate the attacks on distance-bounding protocols by using challenge-response rounds repeatedly? In: FCS (2016)
Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Timed multiset rewriting and the verification of time-sensitive distributed systems. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 228–244. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44878-7_14
Kanovich, M., Rowe, P., Scedrov, A.: Policy compliance in collaborative systems. In: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium, CSF 2009, pp. 218–233. IEEE Computer Society, Washington, DC (2009). https://doi.org/10.1109/CSF.2009.19
Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols (2014). Available in Nigam’s homepage
Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L.: Time, computational complexity, and probability in the analysis of distance-bounding protocols. J. Comput. Secur. 25(6), 585–630 (2017). https://doi.org/10.3233/JCS-0560
Kanovich, M.I., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework and logic for activities subject to regulations. Math. Struct. Comput. Sci. 27(3), 332–375 (2017). https://doi.org/10.1017/S096012951500016X
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: TACAS, pp. 147–166 (1996)
Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26(2), 113–131 (1996). https://doi.org/10.1016/0743-1066(95)00095-X. http://www.sciencedirect.com/science/article/pii/074310669500095X
Meadows, C.: A cost-based framework for analysis of denial of service in networks. J. Comput. Secur. 9(1–2), 143–164 (2001). http://dl.acm.org/citation.cfm?id=374742.374757
Meadows, C.A., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Poovendran, R., Roy, S., Wang, C. (eds.) Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. ADIS, vol. 30, pp. 279–298. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-46276-9_12
Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). https://doi.org/10.1145/359657.359659
Nigam, V., Talcott, C., Aires Urquiza, A.: Towards the automated verification of cyber-physical security protocols: bounding the number of timed intruders. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part II. LNCS, vol. 9879, pp. 450–470. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_23
Pavlovic, D., Meadows, C.: Bayesian authentication: quantifying security of the Hancke-Kuhn protocol. Electron. Notes Theoret. Comput. Sci. 265, 97–122 (2010)
Rowe, P.: Policy compliance, confidentiality and complexity in collaborative systems. Ph.D. thesis. University of Pennsylvania (2009)
Acknowledgments
We thank Cathy for her inspiring work, insightful and motivating discussions and for her friendship. Part of this work was done during the visits to the University of Pennsylvania by Alturki, Ban Kirigin, Kanovich, Nigam, and Talcott, which were partially supported by ONR and by the University of Pennsylvania. Ban Kirigin is supported in part by the Croatian Science Foundation under the project UIP-05-2017-9219. Scedrov is partially supported by ONR. Talcott is partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002. Nigam is partially supported by NRL grant N0017317-1-G002, and CNPq grant 303909/2018-8.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Alturki, M.A., Ban Kirigin, T., Kanovich, M., Nigam, V., Scedrov, A., Talcott, C. (2019). A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols. In: Guttman, J., Landwehr, C., Meseguer, J., Pavlovic, D. (eds) Foundations of Security, Protocols, and Equational Reasoning. Lecture Notes in Computer Science, vol 11565. Springer, Cham. https://doi.org/10.1007/978-3-030-19052-1_13
DOI: https://doi.org/10.1007/978-3-030-19052-1_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19051-4
Online ISBN: 978-3-030-19052-1
eBook Packages: Computer Science (R0)