Abstract
Security protocols are notoriously difficult to debug. One approach to the automatic verification of security protocols with a bounded set of agents uses logic programming with analysis and synthesis rules to describe how the attacker gains information and constructs new messages.
We propose a generic approach to verifying security protocols in Spin. The dynamic process creation mechanism of Spin is used to nondeterministically create different combinations of role instantiations. We incorporate the synthesis and analysis features of the logic programming approach to describe how the intruder learns information and replays it back into the system. We formulate a generic “loss of secrecy” property that is flagged whenever the intruder learns private information from an intercepted message. We also describe a simplification of the Dolev-Yao attacker model that suffices to analyze secrecy properties.
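The analysis and synthesis rules and the "loss of secrecy" check described above, as an added Python illustration (not the chapter's Promela model or the authors' code). The term encoding, the `pk_X`/`sk_X` key naming, and the two traces are constructed assumptions.

```python
# Term encoding (assumed for this sketch): atom = str,
# ("pair", t1, t2), ("enc", body, key). Keys pk_X / sk_X are inverse pairs.

def inverse(key):
    """Key that decrypts `key`: pk_X <-> sk_X; other keys are symmetric."""
    if isinstance(key, str) and key[:3] in ("pk_", "sk_"):
        return ("sk_" if key[:3] == "pk_" else "pk_") + key[3:]
    return key

def can_synth(term, known):
    """Synthesis: term is known, or is a pair/encryption of synthesizable parts."""
    if term in known:
        return True
    return isinstance(term, tuple) and all(can_synth(p, known) for p in term[1:])

def analyze(known):
    """Analysis: close under projection and decryption until a fixpoint."""
    known = set(known)
    changed = True
    while changed:
        changed = False
        for t in [k for k in known if isinstance(k, tuple)]:
            if t[0] == "pair":
                new = {t[1], t[2]}
            elif can_synth(inverse(t[2]), known):  # decryption key derivable
                new = {t[1]}
            else:
                new = set()
            if not new <= known:
                known |= new
                changed = True
    return known

def leaked(initial, intercepted, secrets):
    """Secrets derivable after the intercepts; non-empty means loss of secrecy."""
    known = set(initial)
    for msg in intercepted:
        known = analyze(known | {msg})
    return {s for s in secrets if can_synth(s, known)}

# Constructed sample data: intruder I's initial knowledge and two traces.
INIT = {"A", "B", "I", "pk_A", "pk_B", "pk_I", "sk_I"}
SAFE = [("enc", ("pair", "A", "Kab"), "pk_B"), ("enc", "m", "Kab")]
FLAWED = [("enc", "m", "Kab"), ("enc", ("pair", "A", "Kab"), "pk_I")]

if __name__ == "__main__":
    print(leaked(INIT, SAFE, {"Kab", "m"}))
    print(leaked(INIT, FLAWED, {"Kab", "m"}))
```

In the second trace the session key is encrypted under the intruder's public key, so analysis recovers `Kab` and then the earlier ciphertext, regardless of interception order.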
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khan, A.S., Mukund, M., Suresh, S.P. (2005). Generic Verification of Security Protocols. In: Godefroid, P. (eds) Model Checking Software. SPIN 2005. Lecture Notes in Computer Science, vol 3639. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537328_18
DOI: https://doi.org/10.1007/11537328_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28195-5
Online ISBN: 978-3-540-31899-6
eBook Packages: Computer Science (R0)