Verifying Smart Card Applications: An ASM Approach

  • Dominik Haneberg
  • Holger Grandy
  • Wolfgang Reif
  • Gerhard Schellhorn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4591)


We present Prosecco, a formal model for security protocols of smart card applications, based on Abstract State Machines (ASM) [BS03],[Gur95], and a suitable method for verifying security properties of such protocols. The main part of this article describes the structure of the protocol ASM and all its relevant parts. Our modeling technique enables an attacker model exactly tailored to the application, instead of only an attacker similar to the Dolev-Yao model. We also introduce a proof technique for security properties of the protocols. Properties are proved in the KIV system using symbolic execution and invariants. Furthermore we describe a graphical notation based on UML diagrams that allows to specify the important parts of the application in a simple way.

Our formal approach is exemplified with a small e-commerce application. We use an electronic wallet to demonstrate the ASM-based protocol model and we also show what the proof obligations of some of the security properties look like.


Smart Card Security Protocol Security Property Symbolic Execution Cryptographic Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Accorsi, R., Basin, D., Viganò, L.: Towards an awareness-based semantics for security protocol analysis. In: Goubault-Larrecq, J. (ed.) Workshop on Logical Aspects of Cryptographic Protocol Verification, Elsevier, Amsterdam (2001)Google Scholar
  2. Anderson, R.J., Needham, R.M.: Programming Satan’s Computer. In: van Leeuwen, J. (ed.) Computer Science Today. LNCS, vol. 1000, Springer, Heidelberg (1995)Google Scholar
  3. Burrows, M., Abadi, M., Needham, R.M.: A Logic of Authentication. Technical report, SRC Research Report 39 (1989)Google Scholar
  4. Bella, G.: Mechanising a Protocol for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. Basin, D., Mödersheim, S., Viganò, L.: An On-The-Fly Model-Checker for Security Protocol Analysis. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 253–270. Springer, Heidelberg (2003)Google Scholar
  6. Börger, E.: The ASM Refinement Method. Formal Aspects of Computing, 15(1-2) (2003)Google Scholar
  7. Bella, G., Riccobene, E.: Formal Analysis of the Kerberos Authentication System. Journal of Universal Computer Science 3(12), 1337–1381 (1997)zbMATHGoogle Scholar
  8. Bella, G., Riccobene, E.: A Realistic Environment for Crypto-Protocol Aalyses by ASMs. In: Glässer, U., Schmitt, P. (eds.) Proc. 5th Int. Workshop on Abstract State Machines, Magdeburg University (1998)Google Scholar
  9. Balser, M., Reif, W., Schellhorn, G., Stenzel, K., Thums, A.: Formal system development with KIV. In: Maibaum, T.S.E. (ed.) ETAPS 2000 and FASE 2000. LNCS, vol. 1783, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. Börger, E., Stärk, R.F.: Abstract State Machines—A Method for High-Level System Design and Analysis. Springer, Heidelberg (2003)zbMATHGoogle Scholar
  11. Derrick, J., Wehrheim, H.: Using Coupled Simulations in Non-atomic Refinement. In: Bert, D., Bowen, J.P., King, S., Walden, M. (eds.) ZB 2003. LNCS, vol. 2651, Springer, Heidelberg (2003)Google Scholar
  12. Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proc. 22th IEEE Symposium on Foundations of Computer Science, IEEE, Los Alamitos (1981)Google Scholar
  13. Fábrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand Spaces: Proving Security Protocols Correct. Journal of Computer Security 7, 191–230 (1999)Google Scholar
  14. Grandy, H., Haneberg, D., Reif, W., Stenzel, K.: Developing Provably Secure M-Commerce Applications. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. Grandy, H., Stenzel, K., Reif, W.: A Refinement Method for Java Programs. Technical Report 2006-29, University of Augsburg (December 2006)Google Scholar
  16. Gurevich, Y.: Evolving algebras 1993: Lipari guide. In: Börger, E. (ed.) Specification and Validation Methods, Oxford Univ. Press, New York (1995)Google Scholar
  17. Haneberg, D.: Sicherheit von Smart Card – Anwendungen. PhD thesis, University of Augsburg, Augsburg, Germany (in German) (2006)Google Scholar
  18. Haneberg, D., Grandy, H., Reif, W., Schellhorn, G.: Verifying Smart Card Applications: An ASM Approach. Technical Report 2006-08, Universität Augsburg (2006)Google Scholar
  19. Harel, D., Kozen, D., Tiuryn, J.: Dynamic Logic. MIT Press, Cambridge (2000)zbMATHGoogle Scholar
  20. Haneberg, D., Reif, W., Stenzel, K.: A Method for Secure Smartcard Applications. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422, Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. Haneberg, D., Schellhorn, G., Grandy, H., Reif, W.: Verification of Mondex Electronic Purses with KIV: From Transactions to a Security Protocol. Technical Report 2006-32, University of Augsburg (December 2006)Google Scholar
  22. Jürjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002 - The Unified Modeling Language 5th International Conference. LNCS, vol. 2460, Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  24. Web presentation of KIV projects. URL:
  25. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  26. Nipkow, T.: Hoare logics for recursive procedures and unbounded nondeterminism. In: Bradfield, J.C. (ed.) CSL 2002 and EACSL 2002. LNCS, vol. 2471, Springer, Heidelberg (2002)CrossRefGoogle Scholar
  27. The Object Management Group (OMG). OMG Unified Modeling Language Specification Version 1.5 (2003)Google Scholar
  28. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6, 85–128 (1998)Google Scholar
  29. Paulson, L.C.: Verifying the SET Protocol. In: Goré, R.P., Leitsch, A., Nipkow, T. (eds.) IJCAR 2001. LNCS (LNAI), vol. 2083, Springer, Heidelberg (2001)CrossRefGoogle Scholar
  30. Rumbaugh, J., Jacobson, I., Booch, G.: The Unified Modeling Language Reference Manual. Addison-Wesley, Reading (1998)Google Scholar
  31. Ryan, P.Y.A., Schneider, S.A., Goldsmith, M.H., Lowe, G., Roscoe, B.: The Modelling and Analysis of Security Protocols: the CSP Approach. Addison-Wesley, Reading (2001)Google Scholar
  32. Reif, W., Schellhorn, G., Stenzel, K., Balser, M.: Structured specifications and interactive proofs with KIV. In: Bibel, W., Schmitt, P. (eds.) Automated Deduction—A Basis for Applications, Kluwer, Dordrecht (1998)Google Scholar
  33. Schellhorn, G.: Verification of ASM Refinements Using Generalized Forward Simulation. Journal of Universal Computer Science (J.UCS) 7(11), 952–979 (2001) URL: MathSciNetGoogle Scholar
  34. Schellhorn, G.: ASM Refinement and Generalizations of Forward Simulation in Data Refinement: A Comparison. Journal of Theoretical Computer Science 336(2-3), 403–435 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  35. Stepney, S., Cooper, D., Woodcock, J.: AN ELECTRONIC PURSE Specification, Refinement, and Proof. In: Technical monograph PRG-126, July 2000, Oxford University Computing Laboratory, Oxford (2000)Google Scholar
  36. Schellhorn, G., Grandy, H., Haneberg, D., Möbius, N., Reif, W.: A systematic verification Approach for Mondex Electronic Purses using ASMs. Technical Report 2006-27, Universität Augsburg, Augsburg (2006)Google Scholar
  37. Schellhorn, G., Grandy, H., Haneberg, D., Möbius, N., Reif, W.: A Systematic Verification Approach for Mondex Electronic Purses using ASMs. In: Abrial, J.-R., Glässer, U. (eds.) Proceedings of the Dagstuhl Seminar on Rigorous Methods for Software Construction and Analysis. LNCS, Springer, Heidelberg (submitted, 2007)Google Scholar
  38. Schellhorn, G., Grandy, H., Haneberg, D., Reif, W.: The Mondex Challenge: Machine Checked Proofs for an Electronic Purse. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  39. Stenzel, K.: A formally verified calculus for full Java Card. In: Rattray, C., Maharaj, S., Shankland, C. (eds.) AMAST 2004. LNCS, vol. 3116, Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Dominik Haneberg
    • 1
  • Holger Grandy
    • 1
  • Wolfgang Reif
    • 1
  • Gerhard Schellhorn
    • 1
  1. 1.Lehrstuhl für Softwaretechnik und Programmiersprachen, Institut für Informatik, Universität Augsburg, 86135 AugsburgGermany

Personalised recommendations