Let’s Get Physical: Models and Methods for Real-World Security Protocols

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5674)


Traditional security protocols are mainly concerned with key establishment and principal authentication and rely on predistributed keys and properties of cryptographic operators. In contrast, new application areas are emerging that establish and rely on properties of the physical world. Examples include protocols for secure localization, distance bounding, and device pairing.

We present a formal model that extends inductive, trace-based approaches in two directions. First, we refine the standard Dolev-Yao model to account for network topology, transmission delays, and node positions. This results in a distributed intruder with restricted, but more realistic, communication capabilities. Second, we develop an abstract message theory that formalizes protocol-independent facts about messages, which hold for all instances. When verifying protocols, we instantiate the abstract message theory, modeling the properties of the cryptographic operators under consideration. We have formalized this model in Isabelle/HOL and used it to verify distance bounding protocols where the concrete message theory includes exclusive-or.


Security Protocol Security Property Protocol Step Uninterpreted Function Honest Agent 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  2. 2.
    Capkun, S., Buttyan, L., Hubaux, J.P.: SECTOR: secure tracking of node encounters in multi-hop wireless networks. In: SASN 2003: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 21–32. ACM Press, New York (2003)CrossRefGoogle Scholar
  3. 3.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: SECURECOMM 2005: Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, Washington, DC, USA, pp. 67–73. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  4. 4.
    Meadows, C., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.: Distance bounding protocols: Authentication logic analysis and collusion attacks. In: Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks, pp. 279–298. Springer, Heidelberg (2006)Google Scholar
  5. 5.
    Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: WiSe 2003: Proceedings of the 2003 ACM workshop on Wireless security, pp. 1–10. ACM Press, New York (2003)CrossRefGoogle Scholar
  6. 6.
    Schaller, P., Schmidt, B., Basin, D., Capkun, S.: Modeling and verifying physical properties of security protocols for wireless networks. In: CSF-22: 22nd IEEE Computer Security Foundations Symposium (to appear, 2009)Google Scholar
  7. 7.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6, 85–128 (1998)CrossRefGoogle Scholar
  8. 8.
    Nipkow, T., Paulson, L., Wenzel, M.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  9. 9.
    Capkun, S., Hubaux, J.P.: Secure positioning of wireless devices with application to sensor networks. In: INFOCOM, pp. 1917–1928. IEEE, Los Alamitos (2005)Google Scholar
  10. 10.
    Perrig, A., Tygar, J.D.: Secure Broadcast Communication in Wired and Wireless Networks. Kluwer Academic Publishers, Norwell (2002)Google Scholar
  11. 11.
    Ballarin, C.: Interpretation of locales in Isabelle: Theories and proof contexts. In: Borwein, J.M., Farmer, W.M. (eds.) MKM 2006. LNCS (LNAI), vol. 4108, pp. 31–43. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Porter, B.: Cauchy’s mean theorem and the cauchy-schwarz inequality. The Archive of Formal Proofs, Formal proof development (March 2006)Google Scholar
  13. 13.
    Clulow, J., Hancke, G.P., Kuhn, M.G., Moore, T.: So near and yet so far: Distance-bounding attacks in wireless networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 83–97. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Schmidt, B., Schaller, P.: Isabelle Theory Files: Modeling and Verifying Physical Properties of Security Protocols for Wireless Networks,
  15. 15.
    Delzanno, G., Ganty, P.: Automatic Verification of Time Sensitive Cryptographic Protocols. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 342–356. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Evans, N., Schneider, S.: Analysing Time Dependent Security Properties in CSP Using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Acs, G., Buttyan, L., Vajda, I.: Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks. IEEE Transactions on Mobile Computing 5(11), 1533–1546 (2006)CrossRefGoogle Scholar
  18. 18.
    Yang, S., Baras, J.S.: Modeling vulnerabilities of ad hoc routing protocols. In: SASN 2003: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 12–20. ACM, New York (2003)CrossRefGoogle Scholar
  19. 19.
    Courant, J., Monin, J.: Defending the bank with a proof assistant. In: Proceedings of the 6th International Workshop on Issues in the Theory of Security (WITS 2006), pp. 87–98 (2006)Google Scholar
  20. 20.
    Paulson, L.: Defining functions on equivalence classes. ACM Transactions on Computational Logic 7(4), 658–675 (2006)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Basin, D., Constable, R.: Metalogical frameworks. In: Huet, G., Plotkin, G. (eds.) Logical Environments, pp. 1–29. Cambridge University Press, Cambridge (1993); Also available as Technical Report MPI-I-92-205Google Scholar
  22. 22.
    Basin, D., Matthews, S.: Logical frameworks. In: Gabbay, D., Guenthner, F. (eds.) Handbook of Philosophical Logic, 2nd edn., vol. 9, pp. 89–164. Kluwer Academic Publishers, Dordrecht (2002)CrossRefGoogle Scholar
  23. 23.
    Basin, D., Matthews, S.: Structuring metatheory on inductive definitions. Information and Computation 162(1–2) (October/November 2000)Google Scholar
  24. 24.
    Nipkow, T.: Reflecting quantifier elimination for linear arithmetic. Formal Logical Methods for System Security and Correctness, 245 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  1. 1.ETH ZurichZurichSwitzerland

Personalised recommendations