Abstract
We present a method based on abstract interpretation for verifying secrecy properties of cryptographic protocols. Our method allows us to verify secrecy properties in a general model that admits an unbounded number of sessions, an unbounded number of principals and an unbounded size of messages. As the abstract domain we use sets of so-called pattern terms, that is, terms with an interpreted constructor, Sup, where a term Sup(t) stands for the set of terms that contain t as a sub-term. We implemented a prototype and were able to verify well-known protocols such as, for instance, Needham-Schroeder-Lowe (0.02 sec), Yahalom (12.67 sec), Otway-Rees (0.02 sec), Skeme (0.06 sec) and Kao-Chow (0.07 sec).
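To make the abstract domain concrete, the following added example (written for this page, not code from the paper or its prototype) implements pattern terms with the Sup constructor exactly as the abstract defines it: a concrete term belongs to Sup(t) when it contains t as a sub-term. The message constructors `pair` and `enc`, the sample Needham-Schroeder-style message, and the simplified `possibly_known` check over a set of pattern terms are assumptions chosen for illustration; they are not the paper's analysis algorithm.

```python
from dataclasses import dataclass
from typing import Tuple, Union, Iterator, Iterable


@dataclass(frozen=True)
class Term:
    """A concrete message term: an atom (no args) or a constructor application.
    Constructors used here (pair, enc) are assumed for the example."""
    head: str
    args: Tuple["Pattern", ...] = ()

    def __repr__(self) -> str:
        if not self.args:
            return self.head
        return f"{self.head}({', '.join(map(repr, self.args))})"


@dataclass(frozen=True)
class Sup:
    """Interpreted constructor from the abstract: Sup(t) denotes every term
    that contains t as a sub-term (including t itself)."""
    inner: "Pattern"

    def __repr__(self) -> str:
        return f"Sup({self.inner!r})"


Pattern = Union[Term, Sup]


def atom(name: str) -> Term:
    return Term(name)


def pair(a: Pattern, b: Pattern) -> Term:
    return Term("pair", (a, b))


def enc(m: Pattern, k: Pattern) -> Term:
    return Term("enc", (m, k))


def subterms(t: Term) -> Iterator[Term]:
    """Enumerate t and all of its sub-terms (pre-order)."""
    yield t
    for a in t.args:
        if isinstance(a, Term):
            yield from subterms(a)


def matches(p: Pattern, t: Term) -> bool:
    """True iff the concrete term t belongs to the set denoted by pattern p."""
    if isinstance(p, Sup):
        # Sup(q): some sub-term of t must belong to q.
        return any(matches(p.inner, s) for s in subterms(t))
    # Ordinary constructor: same head, same arity, arguments match pairwise.
    if p.head != t.head or len(p.args) != len(t.args):
        return False
    return all(matches(pa, ta) for pa, ta in zip(p.args, t.args))


def possibly_known(knowledge: Iterable[Pattern], secret: Term) -> bool:
    """Simplified over-approximate secrecy check (an assumption of this
    example): a set of pattern terms stands for a superset of what the
    intruder may learn, so a secret is safe only if no pattern covers it."""
    return any(matches(p, secret) for p in knowledge)


if __name__ == "__main__":
    # Constructed sample message in Needham-Schroeder style: {Na, A}_pk(B).
    na, a, pk_b = atom("Na"), atom("A"), atom("pk(B)")
    msg = enc(pair(na, a), pk_b)
    print(matches(Sup(na), msg))            # True: Na occurs inside msg
    print(matches(enc(Sup(na), pk_b), msg))  # True: Na occurs under enc(_, pk(B))
    print(possibly_known({enc(Sup(na), pk_b)}, na))  # False: pattern never covers bare Na
```

The pattern `enc(Sup(Na), pk(B))` describes every ciphertext under `pk(B)` whose plaintext mentions `Na`; `possibly_known` then reports that the bare nonce `Na` is not covered by that pattern, which is the kind of membership question an abstract-interpretation-based secrecy check answers over the pattern-term domain.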
This work has been partially supported by the RNTL project EVA.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Bozga, L., Lakhnech, Y., Périn, M. (2003). Pattern-Based Abstraction for Verifying Secrecy in Protocols. In: Garavel, H., Hatcliff, J. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2003. Lecture Notes in Computer Science, vol 2619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36577-X_22
DOI: https://doi.org/10.1007/3-540-36577-X_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00898-9
Online ISBN: 978-3-540-36577-8