Abstract
Ensuring correspondence is very important and useful in designing security protocols. Previously, many research works focus on the verification of former-correspondence which means “if the protocol executes some event, then it must have executed some other events before”. However, in some security protocols, it is also important to ensure the engagement of some events after an event happens. In this work, we propose a new property called later-correspondence, which is very useful for e-commerce protocols. The applied \(\pi \)-calculus is extended to specify the protocols. A simplified intruder model is proposed for modeling the intruder capabilities which includes the malicious behaviors of both protocol agents and intruders. The later-correspondence is verified based on the Labeled Transition System (LTS) using model checking. In order to avoid the states explosion, we limit the number of protocol sessions and reduce most of the useless messages from the intruder knowledge with message pattern filtering. We implement our method in a model checker PAT [23] and the verification results show that our method can verify later-correspondence in an effective way.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Proc. R. Soc. Lond. A 426, 233–271 (1989)
Lowe, G.: Breaking and fixing the needham-schroeder public-key protocol using FDR. In: Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems, pp. 147–166 (1989)
Xie, X.F., Li, X.H., Cao, K.Y., Feng, Z.Y.: Security modeling based on CSP for network protocol. Int. J. Digit. Content Technol. Appl. 6, 496–504 (2012)
Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 160–171 (1998)
Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7, 191–230 (1999)
Bella, G., Paulson, L.C.: Using Isabelle to prove properties of the Kerberos authentication system. In: DIMACS Workshop on Design and Formal Verification of Security Protocols (1997)
Athena, D.X.S.: A New efficient automatic checker for security protocol analysis.In: Computer Security Foundations Workshop, pp. 192–202 (1999)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In:Computer Security Foundations Workshop, pp. 82–96 (2001)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26, 113–131 (1996)
Sun, J., Liu, Y., Dong, J.S.: Model checking CSP revisited: introducing a process analysis toolkit. In: Margaria, T., Steffen, B. (eds.) ISoLA 2008. CCIS, vol. 17, pp. 307–322. Springer, Heidelberg (2008)
Mitchell, J.C., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using Murphi. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 141–151. IEEE Computer Society Press (1997)
Hoare, C.: Communicating Sequential Processes. International Series in Computer Science. Prentice-Hall, Upper Saddle River (1985)
Gordon, A., Jeffrey, A.: Authenticity by typing for security protocols. J. Comput. Secur. 11, 451–519 (2003)
Gordon, A., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. J. Comput. Secur. 12, 435–484 (2004)
Gordon, A.D., Hüttel, H., Hansen, R.R.: Type inference for correspondence types. In: 6th International Workshop on Security Issues in Concurrency (2008)
Bugliesi, M., Focardi, R., Maffei, M.: Analysis of typed analyses of authentication protocols. In: Proceedings 18th IEEE Computer Security Foundations Workshop, pp. 112–125 (2005)
Bugliesi, M., Focardi, R., Maffei, M.: Dynamic types for authentication. J. Comput. Secur. 15, 563–617 (2007)
Cremers, C., Mauw, S., de Vink, E.: Defining authentication in a trace model. In: Proceedings of the First International Workshop on Formal Aspects in Security and Trust, pp. 131–145 (2003)
Corin, R., Saptawijaya, A., Etalle, S.: A logic for constraint based security protocol analysis. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 155–168 (2006)
Schmidt, B., Meier, S., Cremers, C., Basin, D.: Automated analysis of Difie-Hellman protocols and advanced security properties. In: Computer Security Foundations Symposium (CSF), pp. 78–94 (2012)
Tuan, L.A., Sun, J., Liu, Y., Dong, J.S., Li, X.H., Tho, Q.T.: SEVE: automatic tool for verification of security protocols. Front. Comput. Sci. Spec. Issue Form. Eng. Method 6, 57–75 (2012)
Liu, Y., Sun, J., Dong, J.S.: Developing model checkers using PAT. In: Bouajjani, A., Chin, W.-N. (eds.) ATVA 2010. LNCS, vol. 6252, pp. 371–377. Springer, Heidelberg (2010)
Blanchet, B.: Automatic verification of correspondences for security protocols. J. Comput. Secur. 17, 363–434 (2009)
Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols. In: IEEE Symposium on Security and Privacy, pp. 178–194 (1993)
Dolev, D., Yao, A.C.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2, 198–208 (1983)
Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols. IOS Press, Amsterdam (2011)
Clark, J.A., Jacob, J.L.: A survey of authentication protocol literature: version 1.0 (1997). http://www.cs.york.ac.uk/jac/papers/drareview.ps.gz
Zhang, Q., Zhang, L., et al.: A new certified E-mail protocol based on signcrytion. J. Univ. Electron. Sci. Technol. China 37, 282–284 (2008)
Blanchet, B., Smyth, B.: ProVerif 1.86pl3: automatic cryptographic protocol verifier, user manual and tutorial (2011). http://prosecco.gforge.inria.fr/personal/bblanche/proverif/manual.pdf
Acknowledgments
This work was supported in part by the National Science Foundation of China (No. 91118003, 61272106, 61003080) and 985 funds of Tianjin University.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Xie, X., Li, X., Liu, Y., Li, L., Feng, R., Feng, Z. (2015). Automatic Verification for Later-Correspondence of Security Protocols. In: Liu, S., Duan, Z. (eds) Structured Object-Oriented Formal Language and Method. SOFL+MSVL 2014. Lecture Notes in Computer Science(), vol 8979. Springer, Cham. https://doi.org/10.1007/978-3-319-17404-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-17404-4_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17403-7
Online ISBN: 978-3-319-17404-4
eBook Packages: Computer ScienceComputer Science (R0)