Abstract
In this paper we describe our experiences in specifying and verifying a complex cryptographic protocol, actually used in industry, that has been developed for the area of chipcard-based biometric identification systems. The main emphasis was placed on authenticity, integrity and confidentiality properties. The formal analysis even led to several simplifying modifications of the protocol that facilitate the implementation while maintaining the protocol security properties we considered. The formal analysis is based on an inductive approach performed with the help of VSE (Verification Support Environment). The heuristic-based proof automation techniques realized in VSE result in an average degree of automation of 80 percent. Thus, VSE provides substantial support for the specification and verification of cryptographic protocols.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheikhrouhou, L., Rock, G., Stephan, W., Schwan, M., Lassmann, G. (2006). Verifying a Chipcard-Based Biometric Identification Protocol in VSE. In: Górski, J. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2006. Lecture Notes in Computer Science, vol 4166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11875567_4
DOI: https://doi.org/10.1007/11875567_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-45762-6
Online ISBN: 978-3-540-45763-3
eBook Packages: Computer Science (R0)