Skip to main content
SpringerLink
Log in

A Comparison between Strand Spaces and Multiset Rewriting for Security Protocol Analysis

  • Conference paper
  • First Online:
Software Security — Theories and Systems (ISSS 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2609))

Included in the following conference series:

Abstract

Formal analysis of security protocols is largely based on a set of assumptions commonly referred to as the Dolev-Yao model. Two formalisms that state the basic assumptions of this model are related here: strand spaces [FHG98] and multiset rewriting with existential quantification [CDL+ 99,DLMS99]. Strand spaces provide a simple and economical approach to state-based analysis of completed protocol runs by emphasizing causal interactions among protocol participants. The multiset rewriting formalism provides a very precise way of specifying finite-length protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role, such as client, server, initiator, or responder. Although it is fairly intuitive that these two languages should be equivalent in some way, a number of modifications to each system are required to obtain a meaningful equivalence. We extend the strand formalism with a way of incrementally growing bundles in order to emulate an execution of a protocol with parametric strands. We omit the initialization part of the multiset rewriting setting, which formalizes the choice of initial data, such as shared public or private keys, and which has no counterpart in the strand space setting. The correspondence between the modified formalisms directly relates the intruder theory from the multiset rewriting formalism to the penetrator strands. The relationship we illustrate here between multiset rewriting specifications and strand spaces thus suggests refinements to both frameworks, and deepens our understanding of the Dolev-Yao model.

Partial support for various authors by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795, by NRL under contract N00173-00-C-2086, by DoD MURI “Semantic Consistency in Information Exchange” as ONR grant N00014-97-1-0505 and by NSF grants CCR-9509931, CCR-9629754, CCR-9800785, CCR-0098096, and INT98-15731.

This paper is a revised version of [CDL+00].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Frederic Butler, Iliano Cervesato, Aaron D. Jaggard, and Andre Scedrov. A Formal Analysis of Some Properties of Kerberos 5 Using MSR. In Fifteenth Computer Security Foundations Workshop-CSFW-15, pages 175–190, Cape Breton, NS, Canada, June 2002. IEEE Computer Society Press.

    Google Scholar 

  2. Iliano Cervesato, Nancy Durgin, Max I. Kanovich, and Andre Scedrov. Interpreting Strands in Linear Logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000 Workshop on Formal Methods and Computer Security-FMCS’00, Chicago, IL, July 2000.

    Google Scholar 

  3. [CDL+ 99] Iliano Cervesato, Nancy A. Durgin, Patrick D. Lincoln, John C. Mitchell, and Andre Scedrov. A meta-notation for protocol analysis. In P. Syverson, editor, Proceedings of the 12th IEEE Computer Security Foundations Workshop-CSFW’99, pages 55–69, Mordano, Italy, June 1999. IEEE Computer Society Press.

    Google Scholar 

  4. Iliano Cervesato, Nancy A. Durgin, Patrick D. Lincoln, John C. Mitchell, and Andre Scedrov. Relating strands and multiset rewriting for security protocol analysis. In P. Syverson, editor, 13th IEEE Computer Security Foundations Workshop-CSFW’00, pages 35–51, Cambrige, UK, 3-5 July 2000. IEEE Computer Society Press.

    Google Scholar 

  5. Iliano Cervesato. Typed MSR: Syntax and Examples. In V.I. Gorodetski, V.A. Skormin, and L.J. Popyack, editors, First International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security-MMM’01, pages 159–177, St. Petersburg, Russia, May 2001. Springer-Verlag LNCS 2052.

    Google Scholar 

  6. Nancy Durgin, Patrick Lincoln, John Mitchell, and Andre Scedrov. Undecidability of bounded security protocols. In N. Heintze and E. Clarke, editors, Proceedings of the Workshop on Formal Methods and Security Protocols-FMSP, Trento, Italy, July 1999. Extended version at ftp://ftp.cis.upenn.edu/pub/papers/scedrov/msr-long.ps.

  7. Grit Denker and Jonathan K. Millen. CAPSL Intermediate Language. In N. Heintze and E. Clarke, editors, Proceedings of the Workshop on Formal Methods and Security Protocols-FMSP, Trento, Italy, July 1999.

    Google Scholar 

  8. Danny Dolev and Andrew C. Yao. On the security of public-key protocols. IEEE Transactions on Information Theory, 2(29):198–208, 1983.

    Article  MathSciNet  Google Scholar 

  9. F. Javier Thayer Fábrega, Jonathan C. Herzog, and Joshua D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 160–171, Oakland, CA, May 1998. IEEE Computer Society Press.

    Google Scholar 

  10. F. Javier Thayer Fábrega, Jonathan C. Herzog, and Joshua D. Guttman. Mixed strand spaces. In P. Syverson, editor, Proceedings of the 12th IEEE Computer Security Foundations Workshop-CSFW’99, pages 72–82, Mordano, Italy, June 1999. IEEE Computer Society Press.

    Google Scholar 

  11. A. Maneki. Honest functions and their application to the analysis of cryptographic protocols. In P. Syverson, editor, Proceedings of the 12th IEEE Computer Security Foundations Workshop-CSFW’99, pages 83–89, Mordano, Italy, June 1999. IEEE Computer Society Press.

    Google Scholar 

  12. R.M. Needham and M.D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.

    Article  MATH  Google Scholar 

  13. Dawn Song. Athena: a new efficient automatic checker for security protocol analysis. In Proceedings of the Twelth IEEE Computer Security Foundations Workshop, pages 192–202, Mordano, Italy, June 1999. IEEE Computer Society Press.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Advanced Engineering and Sciences Division, ITT Industries, Inc., 2560 Huntington Avenue, 22303-1410, Alexandria, VA, USA

    I. Cervesato

  2. Computer Science Department, Stanford University, 94305-9045, Stanford, CA, USA

    N. Durgin & J. Mitchell

  3. Computer Science Laboratory, SRI International, 333 Ravenswood Avenue, Menlo Park, 94025-3493, CA, USA

    P. Lincoln

  4. Mathematics Department, University of Pennsylvania, 209 South 33rd Street, 19104-6395, Philadelphia, PA, USA

    A. Scedrov

Authors
  1. I. Cervesato
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. N. Durgin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. P. Lincoln
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. J. Mitchell
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. A. Scedrov
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Keio University, 2-15-45 Mita, Minatoku, 108-8345, Tokyo, Japan

    Mitsuhiro Okada

  2. University of Pennsylvania, 200 South 33rd St., 19104, Philadelphia, PA, USA

    Benjamin C. Pierce

  3. University of Pennsylvania, 209 South 33rd St., 19104-6395, Philadelphia, PA, USA

    Andre Scedrov

  4. Keio University, 5322 Endoh, 252-8520, Fujisawa, Japan

    Hideyuki Tokuda

  5. University of Tokyo, 7-3-1 Hongo, Bunkyo-ku, 113, Tokyo, Japan

    Akinori Yonezawa

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cervesato, I., Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A. (2003). A Comparison between Strand Spaces and Multiset Rewriting for Security Protocol Analysis. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_22

Download citation

  • DOI: https://doi.org/10.1007/3-540-36532-X_22

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00708-1

  • Online ISBN: 978-3-540-36532-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation