Abstract
Security protocols are used to exchange information in a Distributed system with the aim of providing security guarantees. We Present an approach to modeling security protocols using lazy data types in a higher-order functional programming language. Our approach supports the formalization of protocol models in a natural and high-level way, and the automated analysis of safety properties using infinite-state model checking, where the model is explicitly constructed in a demand-driven manner. We illustrate these ideas with an extended example: modeling and checking the Needham-Schroeder public-key authentication protocol.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
R. Anderson and R. Needham. Programming Satan’s computer. In Commputer Science Today, volume 1000 of LNCS, pages 426–441. Springer-Verlag, 1995.
Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions in Computer Systems, 8(1):18–36, 1990.
John Clark and Jeremy Jacob. A survey of authentication protocol literature: Version 1.0. Available at the URL http://www.cs.york.ac.uk/~jac/>.
G. Denker, J. Meseguer, and C. Talcott. Protocol specification and analysis in Maude. In N. Heintze and J. Wing, editors Proceedings of the Workshop on Formal Methods and Security Protocols, pages 939–944, Indianapolis, Indiana, June 1998.
D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29:198–208, 1983.
Dan P. Friedman and David S. Wise. Cons should not evaluate its arguments. In S. Michaelson and R. Milner, editors, Automata, Languages and Programming, pages 257–284. Edinburgh University Press, 1976.
Nevin Heintze, J.D. Tygar, Jeannette M. Wing, and Hao-Chi Wong. Model checking electronic commerce protocols. In Proceedings of the UNISEX 1996 Workshop on Electronic Commerce, 1996.
P. Hudak, S. Peyton Jones, and P. Wadler (Editors). Report on the programming language Haskell: A non-strict, purely functional language (version 1.2). ACM SIGPLAN Notices, 27(5), 1992
Richard Kemmerer, Catherine Meadows, and Jonathan Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79–130, 1994.
Gawin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proceedings of TACAS’96, LNCS 1055. pages 147–166. Springer, Berlin, 1996.
Wenbo Mao. An augmentation of BAN-like logics. In Proceedings of the 8th IEEE Computer Security Foundations of Workshop, pages 44–56. IEEE Computer Society Press, 1995.
W. Marrerp. E. Clarke, and S. Jha. Model checking for security protocols. In Proceedings of the DIMACS Workshop on Design and Verification of Security Protocols. 1997.
Jonathan K. Millen, S.C. Clark, and S.B. Freedman. The Interrogator: Protocol security analysis. IEEE Transactions on Software Engineering, 13(2):274–288, 1987.
Roger M. Needham and Michael D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.
Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–125, 1998.
A.W. Roscoe. Modelling and verifying key-exchange protocols using CSP and FDR. In Proceedings of 1995 IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1995.
Steve Schneider. Verifying authentication protocols in CSP. IEEE Transactions on Software Engineering, 24(9):741–758, 1998.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Basin, D. (1999). Lazy Infinite-State Analysis of Security Protocols. In: Secure Networking — CQRE [Secure] ’ 99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_3
Download citation
DOI: https://doi.org/10.1007/3-540-46701-7_3
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66800-8
Online ISBN: 978-3-540-46701-4
eBook Packages: Springer Book Archive