Abstract
We present a static analysis technique for the verification of cryptographic protocols, specified in a process calculus. Rather than assuming a specific, fixed set of cryptographic primitives, we only require them to be specified through a term rewriting system, with no restrictions. Examples are provided to support our analysis. First, we tackle forward secrecy for a Diffie-Hellman-based protocol involving exponentiation, multiplication and inversion. Then, a simplified version of Kerberos is analyzed, showing that its use of timestamps succeeds in preventing replay attacks.
Partly supported by the EU within the FETPI Global Computing, project IST-2005-16004 SENSORIA (Software Engineering for Service-Oriented Overlay Computers).
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zunino, R., Degano, P. (2006). Handling exp,× (and Timestamps) in Protocol Analysis. In: Aceto, L., Ingólfsdóttir, A. (eds) Foundations of Software Science and Computation Structures. FoSSaCS 2006. Lecture Notes in Computer Science, vol 3921. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11690634_28
DOI: https://doi.org/10.1007/11690634_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33045-5
Online ISBN: 978-3-540-33046-2
eBook Packages: Computer Science, Computer Science (R0)