Analysing Applications Layered on Unilaterally Authenticating Protocols

  • Thomas Gibson-Robinson
  • Gavin Lowe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7140)

Abstract

There are many approaches to proving the correctness of application-layer protocols that are layered on secure transport protocols, such as TLS. One popular approach is verification by abstraction, in which the correctness of the application-layer protocol is proven under the assumption that the transport layer satisfies certain properties. Following this approach, we adapt the strand spaces model in order to analyse application-layer protocols that depend on unilaterally authenticating secure transport protocols, such as unilateral TLS. We develop proof rules that enable us to prove the correctness of application-layer protocols that use either unilateral or bilateral secure transport protocols, and illustrate them by proving the correctness of WebAuth, a single-sign-on protocol that makes extensive use of unilateral TLS.

Keywords

Security Protocol User Agent Proof Rule Regular Node Security Guarantee 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Dierks, T., Rescorla, E.: The TLS Protocol: Version 1.2 (2008), http://tools.ietf.org/html/rfc5246
  2. 2.
    Bella, G., Longo, C., Paulson, L.: Verifying Second-Level Security Protocols. In: Theorem Proving in Higher Order Logics (2003)Google Scholar
  3. 3.
    Dilloway, C., Lowe, G.: Specifying Secure Transport Channels. In: Computer Security Foundations Symposium (2008)Google Scholar
  4. 4.
    Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. In: Computer Security Foundations Symposium (2007)Google Scholar
  5. 5.
    Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. In: Formal Methods in Security Engineering (2008)Google Scholar
  6. 6.
    Bugliesi, M., Focardi, R.: Language Based Secure Communication. In: Computer Security Foundations Symposium (2008)Google Scholar
  7. 7.
    Mödersheim, S., Viganò, L.: Secure Pseudonymous Channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 337–354. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Kamil, A., Lowe, G.: Specifying and Modelling Secure Channels in Strand Spaces. In: Degano, P., Guttman, J.D. (eds.) FAST 2009. LNCS, vol. 5983, pp. 233–247. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Kamil, A.: The Modelling and Analysis of Layered Security Architectures in Strand Spaces. DPhil Thesis. University of Oxford (2010)Google Scholar
  10. 10.
    Thayer Fábrega, F.J., Herzog, J., Guttman, J.: Strand spaces: Proving Security Protocols Correct. Journal of Computer Security (1999)Google Scholar
  11. 11.
    Schemers, R., Allbery, R.: WebAuth Technical Specification v.3 (2009), http://webauth.stanford.edu/protocol
  12. 12.
    Fitzpatrick, B., Recordon, D., Hardt, D., Bufu, J., Hoyt, J.: OpenID Authentication 2.0, http://openid.net/specs/openid-authentication-2_0.html
  13. 13.
    Leach, P.J., Berners-Lee, T., Mogul, J.C., Masinter, L., Fielding, R.T., Gettys, J.: Hypertext Transfer Protocol – HTTP/1.1 (2004), http://tools.ietf.org/html/rfc2616
  14. 14.
    Rescorla, E.: HTTP Over TLS (2000), http://tools.ietf.org/html/rfc2818
  15. 15.
    Guttman, J.D., Thayer, F.J.: Authentication tests and the structure of bundles. Theoretical Computer Science (2002)Google Scholar
  16. 16.
    Groß, T., Mödersheim, S.: Vertical Protocol Composition. In: Computer Security Foundations Symposium (2011)Google Scholar
  17. 17.
    Kamil, A., Lowe, G.: Analysing TLS in the Strand Spaces Model. To appear in Journal of Computer Security (2011)Google Scholar
  18. 18.
    Kamil, A., Lowe, G.: Understanding Abstractions of Secure Channels. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 50–64. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Doghmi, S., Guttman, J., Thayer, F.J.: Searching for Shapes in Cryptographic Protocols. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 523–537. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Thomas Gibson-Robinson
    • 1
  • Gavin Lowe
    • 1
  1. 1.Department of Computer ScienceUniversity of OxfordOxfordUK

Personalised recommendations