Abstract
Security protocols preserve essential properties, such as confidentiality and authentication, of electronically transmitted data. However, such properties cannot be directly expressed or verified in contemporary formal methods. Via a detailed example, we describe the phases needed to formalise and verify the correctness of a security protocol in the state-oriented Z formalism.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. In: Fourth ACM Conference on Computer and Communications Security, pp. 36–47. ACM Press, New York (1997)
Bella, G., Massacci, F., Paulson, L.C.: Verifying the SET registration protocols. IEEE Journal On Selected Areas In Communications 21(5), 77–87 (2003)
Boyd, C.: Security architectures using formal methods. IEEE Journal On Selected Areas In Communications 11(5), 694–701 (1993)
Boyd, C., Kearney, P.: Exploring fair exchange protocols using specification animation. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 209–223. Springer, Heidelberg (2000)
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Technical Report TR 39, Digital Equipment Corporation (February 1989)
Butler, M.: On the use of data refinement in the development of secure communications systems. Formal Aspects of Computing 14(1), 2–34 (2002)
Carlsen, U.: Generating formal cryptographic protocol specifications. In: Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 137–146. IEEE Computer Society Press, Los Alamitos (1994)
Clark, J., Jacob, J.: A survey of authentication protocol literature: Version 1.0 (1997), http://www.cs.york.ac.uk/~jac/papers/drareviewps.ps (accessed May 2003)
Cohen, E.: Taps: A first-order verifier for cryptographic protocols. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW 2000), pp. 144–158. IEEE Computer Society Press, Los Alamitos (2000)
Denker, G., Millen, J.K., Grau, A., Filipe, J.K.: Optimizing protocol rewrite rules of CIL specifications. In: Proceedings of 13th IEEE Computer Security Foundations Workshop (CSFW 2000), pp. 52–63. IEEE Computer Society Press, Los Alamitos (2000)
Diffie, W., Hellman, M.E.: Multiuser cryptographic techniques. In: Proceedings of AFIPS 1976 National Computer Conference, Montvale, New Jersey, pp. 109–112 (1976)
Gong, L.: Variations on the themes of message freshness and replay — or the difficulty of devising formal methods to analyze cryptographic protocols. In: Proceedings of the Computer Security Foundations Workshop VI, pp. 131–136. IEEE Computer Society Press, Los Alamitos (1993)
Kemmerer, R.: Analyzing encryption protocols using formal verification techniques. IEEE Journal On Selected Areas In Communications 7(4), 448–457 (1989)
Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)
Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of 10th IEEE Computer Security Foundations Workshop (CSFW 1997), pp. 31–43. IEEE Computer Society Press, Los Alamitos (1997)
Ma, L., Tsai, J.J.P.: Formal Verification Techniques for Computer Communication Security Protocols, volume 2. World Scientific Publishing Company (2001), http://www.cs.uic.edu/~lma/abstract1.pdf (accessed May 2003)
Meadows, C.: The NRL protocol analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)
Meadows, C.A.: Formal verification of cryptographic protocols: A survey. In: Safavi-Naini, R., Pieprzyk, J.P. (eds.) ASIACRYPT 1994. LNCS, vol. 917, pp. 133–149. Springer, Heidelberg (1995)
Morgan, C.: Programming from Specifications. Prentice Hall International Series In Computer Science. Prentice Hall International, Englewood Cliffs (1989)
Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM 21(12), 993–999 (1978)
Paulson, L.C.: Proving properties of security protocols by induction. In: Proceedings of 10th IEEE Computer Security Foundations Workshop (CSFW 1997), pp. 70–83. IEEE Computer Society Press, Los Alamitos (1997)
Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: The Modelling and Analysis of Security Protocols: The CSP Approach. Addison-Wesley, Reading (2000)
Schneider, S.: Security properties and CSP. In: Proceedings of the 1996 IEEE Computer Society Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)
Shmatikov, V., Stern, U.: Efficient finite-state analysis for large security protocols. In: Proceedings of 11th IEEE Computer Security Foundations Workshop (CSFW 1998), pp. 106–115. IEEE Computer Society Press, Los Alamitos (1998)
Spivey, J.M.: The Z Notation: A Reference Manual. Prentice Hall International Series In Computer Science. Prentice Hall, London (1992)
Stubblebine, S.G., Wright, R.N.: An authentication logic with formal semantics supporting synchronization, revocation, and recency. IEEE Transactions on Software Engineering 28(3), 256–285 (2002)
Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, May 1998, pp. 160–171. IEEE Computer Society Press, Los Alamitos (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Long, B.W., Fidge, C.J., Cerone, A. (2003). A Z Based Approach to Verifying Security Protocols. In: Dong, J.S., Woodcock, J. (eds) Formal Methods and Software Engineering. ICFEM 2003. Lecture Notes in Computer Science, vol 2885. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39893-6_22
Download citation
DOI: https://doi.org/10.1007/978-3-540-39893-6_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20461-9
Online ISBN: 978-3-540-39893-6
eBook Packages: Springer Book Archive