Skip to main content
SpringerLink
Log in

A Z Based Approach to Verifying Security Protocols

  • Conference paper
Formal Methods and Software Engineering (ICFEM 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2885))

Included in the following conference series:

Abstract

Security protocols preserve essential properties, such as confidentiality and authentication, of electronically transmitted data. However, such properties cannot be directly expressed or verified in contemporary formal methods. Via a detailed example, we describe the phases needed to formalise and verify the correctness of a security protocol in the state-oriented Z formalism.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. In: Fourth ACM Conference on Computer and Communications Security, pp. 36–47. ACM Press, New York (1997)

    Chapter  Google Scholar 

  2. Bella, G., Massacci, F., Paulson, L.C.: Verifying the SET registration protocols. IEEE Journal On Selected Areas In Communications 21(5), 77–87 (2003)

    Article  Google Scholar 

  3. Boyd, C.: Security architectures using formal methods. IEEE Journal On Selected Areas In Communications 11(5), 694–701 (1993)

    Article  Google Scholar 

  4. Boyd, C., Kearney, P.: Exploring fair exchange protocols using specification animation. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 209–223. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  5. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Technical Report TR 39, Digital Equipment Corporation (February 1989)

    Google Scholar 

  6. Butler, M.: On the use of data refinement in the development of secure communications systems. Formal Aspects of Computing 14(1), 2–34 (2002)

    Article  MATH  Google Scholar 

  7. Carlsen, U.: Generating formal cryptographic protocol specifications. In: Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 137–146. IEEE Computer Society Press, Los Alamitos (1994)

    Chapter  Google Scholar 

  8. Clark, J., Jacob, J.: A survey of authentication protocol literature: Version 1.0 (1997), http://www.cs.york.ac.uk/~jac/papers/drareviewps.ps (accessed May 2003)

  9. Cohen, E.: Taps: A first-order verifier for cryptographic protocols. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW 2000), pp. 144–158. IEEE Computer Society Press, Los Alamitos (2000)

    Chapter  Google Scholar 

  10. Denker, G., Millen, J.K., Grau, A., Filipe, J.K.: Optimizing protocol rewrite rules of CIL specifications. In: Proceedings of 13th IEEE Computer Security Foundations Workshop (CSFW 2000), pp. 52–63. IEEE Computer Society Press, Los Alamitos (2000)

    Chapter  Google Scholar 

  11. Diffie, W., Hellman, M.E.: Multiuser cryptographic techniques. In: Proceedings of AFIPS 1976 National Computer Conference, Montvale, New Jersey, pp. 109–112 (1976)

    Google Scholar 

  12. Gong, L.: Variations on the themes of message freshness and replay — or the difficulty of devising formal methods to analyze cryptographic protocols. In: Proceedings of the Computer Security Foundations Workshop VI, pp. 131–136. IEEE Computer Society Press, Los Alamitos (1993)

    Chapter  Google Scholar 

  13. Kemmerer, R.: Analyzing encryption protocols using formal verification techniques. IEEE Journal On Selected Areas In Communications 7(4), 448–457 (1989)

    Article  Google Scholar 

  14. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–133 (1995)

    Article  MATH  Google Scholar 

  15. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of 10th IEEE Computer Security Foundations Workshop (CSFW 1997), pp. 31–43. IEEE Computer Society Press, Los Alamitos (1997)

    Chapter  Google Scholar 

  16. Ma, L., Tsai, J.J.P.: Formal Verification Techniques for Computer Communication Security Protocols, volume 2. World Scientific Publishing Company (2001), http://www.cs.uic.edu/~lma/abstract1.pdf (accessed May 2003)

  17. Meadows, C.: The NRL protocol analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)

    Article  MATH  Google Scholar 

  18. Meadows, C.A.: Formal verification of cryptographic protocols: A survey. In: Safavi-Naini, R., Pieprzyk, J.P. (eds.) ASIACRYPT 1994. LNCS, vol. 917, pp. 133–149. Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  19. Morgan, C.: Programming from Specifications. Prentice Hall International Series In Computer Science. Prentice Hall International, Englewood Cliffs (1989)

    Google Scholar 

  20. Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM 21(12), 993–999 (1978)

    Article  MATH  Google Scholar 

  21. Paulson, L.C.: Proving properties of security protocols by induction. In: Proceedings of 10th IEEE Computer Security Foundations Workshop (CSFW 1997), pp. 70–83. IEEE Computer Society Press, Los Alamitos (1997)

    Chapter  Google Scholar 

  22. Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: The Modelling and Analysis of Security Protocols: The CSP Approach. Addison-Wesley, Reading (2000)

    Google Scholar 

  23. Schneider, S.: Security properties and CSP. In: Proceedings of the 1996 IEEE Computer Society Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)

    Google Scholar 

  24. Shmatikov, V., Stern, U.: Efficient finite-state analysis for large security protocols. In: Proceedings of 11th IEEE Computer Security Foundations Workshop (CSFW 1998), pp. 106–115. IEEE Computer Society Press, Los Alamitos (1998)

    Google Scholar 

  25. Spivey, J.M.: The Z Notation: A Reference Manual. Prentice Hall International Series In Computer Science. Prentice Hall, London (1992)

    Google Scholar 

  26. Stubblebine, S.G., Wright, R.N.: An authentication logic with formal semantics supporting synchronization, revocation, and recency. IEEE Transactions on Software Engineering 28(3), 256–285 (2002)

    Article  Google Scholar 

  27. Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, May 1998, pp. 160–171. IEEE Computer Society Press, Los Alamitos (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, Australia

    Benjamin W. Long, Colin J. Fidge & Antonio Cerone

Authors
  1. Benjamin W. Long
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Colin J. Fidge
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Antonio Cerone
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing, National University of Singapore, Singapore

    Jin Song Dong

  2. University of York,  

    Jim Woodcock

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Long, B.W., Fidge, C.J., Cerone, A. (2003). A Z Based Approach to Verifying Security Protocols. In: Dong, J.S., Woodcock, J. (eds) Formal Methods and Software Engineering. ICFEM 2003. Lecture Notes in Computer Science, vol 2885. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39893-6_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-39893-6_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20461-9

  • Online ISBN: 978-3-540-39893-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation