Skip to main content
SpringerLink
Log in

Is Your Security Protocol on Time ?

  • Conference paper
International Symposium on Fundamentals of Software Engineering (FSEN 2007)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 4767))

Included in the following conference series:

Abstract

In this paper we offer a novel methodology for verifying correctness of (timed) security protocols. The idea consists in computing the time of a correct execution of a session and finding out whether the Intruder can change it to shorter or longer by an active attack. Moreover, we generalize the correspondence property so that attacks can be also discovered when some time constraints are not satisfied. As case studies we verify generalized authentication of KERBEROS, TMN, Neumann Stubblebine Protocol, Andrew Secure Protocol, WMF, and NSPK.

The authors acknowledge partial support from the Ministry of Science and Information Society Technologies under grant number 3 T11C 011 28 and N516 038 31/3853.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Armando, A., Compagna, L.: SATMC: A SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J.A. (eds.) JELIA 2004. LNCS (LNAI), vol. 3229, pp. 730–733. Springer, Heidelberg (2004)

    Google Scholar 

  2. Basin, D.A., Mödersheim, S., Viganò, L.: OFMC: A symbolic model checker for security protocols. International Journal of Information Security 4, 181–208 (2005)

    Article  Google Scholar 

  3. Boreale, M., Buscemi, M.G.: Experimenting with STA, a tool for automatic analysis of security protocols. In: SAC 2002. Proc. of the 2002 ACM Symposium on Applied Computing, pp. 281–285. ACM, New York (2002)

    Google Scholar 

  4. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganó, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)

    Google Scholar 

  5. Kurkowski, M., Penczek, W., Zbrzezny, A.: Sat-based verification of security protocols via translation to networks of automata. In: MoChart IV. LNCS (LNAI), vol. 4428, pp. 146–165. Springer, Heidelberg (2007)

    Google Scholar 

  6. Delzanno, G., Ganty, P.: Automatic verification of time sensitive cryptographic protocols. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 342–356. Springer, Heidelberg (2004)

    Google Scholar 

  7. Evans, N., Schneider, S.: Analysing time dependent security properties in CSP using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  8. Gorrieri, R., Locatelli, E., Martinelli, F.: A simple language for real-time cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003 and ETAPS 2003. LNCS, vol. 2618, pp. 114–128. Springer, Heidelberg (2003)

    Google Scholar 

  9. Lowe, G.: Casper: A compiler for the analysis of security protocols. Journal of Computer Security 6, 53–84 (1998)

    Google Scholar 

  10. Corin, R., Etalle, S., Hartel, P.H., Mader, A.: Timed model checking of security protocols. In: FMSE 2004. Proc. of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 23–32. ACM Press, New York (2004)

    Chapter  Google Scholar 

  11. Bengtsson, J., Larsen, K.G., Larsson, F., Pettersson, P., Yi, W., Weise, C.: New generation of UPPAAL. In: Proc. of the Int. Workshop on Software Tools for Technology Transfer (1998)

    Google Scholar 

  12. Jakubowska, G., Penczek, W., Srebrny, M.: Verifying security protocols with timestamps via translation to timed automata. In: CS&P 2005. Proc. of the International Workshop on Concurrency, Specification and Programming, pp. 100–115. Warsaw University (2005)

    Google Scholar 

  13. Jakubowska, G., Penczek, W.: Modelling and checking timed authentication of security protocols. In: CS&P 2006. Proc. of the Int. Workshop on Concurrency, Specification and Programming, vol. 206(2) of Informatik-Berichte, pp. 280–291. Humboldt University (2006)

    Google Scholar 

  14. Clark, J.A., Jacob, J.L.: A survey of authentication protocol literature. Technical Report 1.0 (1997)

    Google Scholar 

  15. Security protocols open repository (2003), http://www.lsv.ens-cachan.fr//spore

  16. Lowe, G.: An attack on the needham-schroeder public-key authentication protocol. Information Processing Letters 56, 131–133 (1995)

    Article  MATH  Google Scholar 

  17. Doroś, A., Janowska, A., Janowski, P.: From specification languages to timed automata. In: CS&P 2002. Proc. of the Int. Workshop on Concurrency, Specification and Programming, vol. 161(1) of Informatik-Berichte, pp. 117–128. Humboldt University (2002)

    Google Scholar 

  18. Daws, C., Olivero, A., Tripakis, S., Yovine, S.: The tool KRONOS. In: Alur, R., Sontag, E.D., Henzinger, T.A. (eds.) Hybrid Systems III. LNCS, vol. 1066, pp. 208–219. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  19. Dembiński, P., Janowska, A., Janowski, P., Penczek, W., Półrola, A., Szreter, M., Woźna, B., Zbrzezny, A.: VerICS: A tool for verifying timed automata and Estelle specifications. In: Garavel, H., Hatcliff, J. (eds.) ETAPS 2003 and TACAS 2003. LNCS, vol. 2619, pp. 278–283. Springer, Heidelberg (2003)

    Google Scholar 

  20. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)

    Article  Google Scholar 

  21. Armando, A., Compagna, L.: An optimized intruder model for SAT-based model-checking of security protocols. ENTCS 125, 91–108 (2005)

    Google Scholar 

  22. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton, USA (2001)

    Google Scholar 

  23. Panti, M., Spalazzi, L., Tacconi, S.: Using the NuSMV model checker to verify the kerberos protocol. In: Simulation Series. Society for Computer Simulation, vol. 34, pp. 230–236 (2002)

    Google Scholar 

  24. Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols. In: SP 1993. Proc. of the 1993 IEEE Symposium on Security and Privacy, pp. 178–194. IEEE Computer Society, Los Alamitos (1993)

    Google Scholar 

  25. Jakubowska, G., Penczek, W.: Verifying timed properties of security protocols. Technical Report 991, ICS PAS, Ordona 21, 01-237 Warsaw (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Szczecin University of Technology, Faculty of Computer Science and Information Systems,  

    Gizela Jakubowska

  2. Institute of Computer Science, PAS, and Institute of Informatics, Podlasie Academy,  

    Wojciech Penczek

Authors
  1. Gizela Jakubowska
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wojciech Penczek
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Farhad Arbab Marjan Sirjani

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jakubowska, G., Penczek, W. (2007). Is Your Security Protocol on Time ?. In: Arbab, F., Sirjani, M. (eds) International Symposium on Fundamentals of Software Engineering. FSEN 2007. Lecture Notes in Computer Science, vol 4767. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75698-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75698-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75697-2

  • Online ISBN: 978-3-540-75698-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation