Formalism of Protocol Security Analysis

  • Ling Dong
  • Kefei Chen


Formal methods are a natural extension of the informal methods that have been used to analyze cryptographic protocols. First, some famous formalisms such as BAN logic, model checking and strand space are briefly introduced; then a belief multiset formalism is put forward, based on the trusted freshness notion in Chapters 4, 5 and 6. The formalism is simple and precise, and suited to automation of security analysis.


Medium Access Control, Model Check, Cryptographic Protocol, Security Goal, Strand Space
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Higher Education Press, Beijing and Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ling Dong (1)
  • Kefei Chen (1)

  1. Dept. of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai, P.R. China
