Skip to main content
SpringerLink
Log in

Lazy Infinite-State Analysis of Security Protocols

  • Conference paper
  • First Online:
Book cover Secure Networking — CQRE [Secure] ’ 99 (CQRE 1999)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1740))

Included in the following conference series:

Abstract

Security protocols are used to exchange information in a Distributed system with the aim of providing security guarantees. We Present an approach to modeling security protocols using lazy data types in a higher-order functional programming language. Our approach supports the formalization of protocol models in a natural and high-level way, and the automated analysis of safety properties using infinite-state model checking, where the model is explicitly constructed in a demand-driven manner. We illustrate these ideas with an extended example: modeling and checking the Needham-Schroeder public-key authentication protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  • R. Anderson and R. Needham. Programming Satan’s computer. In Commputer Science Today, volume 1000 of LNCS, pages 426–441. Springer-Verlag, 1995.

    Chapter  Google Scholar 

  • Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions in Computer Systems, 8(1):18–36, 1990.

    Article  Google Scholar 

  • John Clark and Jeremy Jacob. A survey of authentication protocol literature: Version 1.0. Available at the URL http://www.cs.york.ac.uk/~jac/>.

  • G. Denker, J. Meseguer, and C. Talcott. Protocol specification and analysis in Maude. In N. Heintze and J. Wing, editors Proceedings of the Workshop on Formal Methods and Security Protocols, pages 939–944, Indianapolis, Indiana, June 1998.

    Google Scholar 

  • D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29:198–208, 1983.

    Article  MATH  MathSciNet  Google Scholar 

  • Dan P. Friedman and David S. Wise. Cons should not evaluate its arguments. In S. Michaelson and R. Milner, editors, Automata, Languages and Programming, pages 257–284. Edinburgh University Press, 1976.

    Google Scholar 

  • Nevin Heintze, J.D. Tygar, Jeannette M. Wing, and Hao-Chi Wong. Model checking electronic commerce protocols. In Proceedings of the UNISEX 1996 Workshop on Electronic Commerce, 1996.

    Google Scholar 

  • P. Hudak, S. Peyton Jones, and P. Wadler (Editors). Report on the programming language Haskell: A non-strict, purely functional language (version 1.2). ACM SIGPLAN Notices, 27(5), 1992

    Google Scholar 

  • Richard Kemmerer, Catherine Meadows, and Jonathan Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79–130, 1994.

    Article  MATH  Google Scholar 

  • Gawin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proceedings of TACAS’96, LNCS 1055. pages 147–166. Springer, Berlin, 1996.

    Google Scholar 

  • Wenbo Mao. An augmentation of BAN-like logics. In Proceedings of the 8th IEEE Computer Security Foundations of Workshop, pages 44–56. IEEE Computer Society Press, 1995.

    Google Scholar 

  • W. Marrerp. E. Clarke, and S. Jha. Model checking for security protocols. In Proceedings of the DIMACS Workshop on Design and Verification of Security Protocols. 1997.

    Google Scholar 

  • Jonathan K. Millen, S.C. Clark, and S.B. Freedman. The Interrogator: Protocol security analysis. IEEE Transactions on Software Engineering, 13(2):274–288, 1987.

    Article  Google Scholar 

  • Roger M. Needham and Michael D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.

    Article  MATH  Google Scholar 

  • Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–125, 1998.

    Google Scholar 

  • A.W. Roscoe. Modelling and verifying key-exchange protocols using CSP and FDR. In Proceedings of 1995 IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1995.

    Google Scholar 

  • Steve Schneider. Verifying authentication protocols in CSP. IEEE Transactions on Software Engineering, 24(9):741–758, 1998.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institut für Informatik, Universität Freiburg, Germany

    David Basin

Authors
  1. David Basin
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Basin, D. (1999). Lazy Infinite-State Analysis of Security Protocols. In: Secure Networking — CQRE [Secure] ’ 99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_3

Download citation

  • DOI: https://doi.org/10.1007/3-540-46701-7_3

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66800-8

  • Online ISBN: 978-3-540-46701-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation