Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11565)

Abstract

Intruders can infer properties of a system by measuring the time it takes for the system to respond to a request of a given protocol, that is, by exploiting timing side channels. Such properties may let an intruder tell whether a system is a honeypot or a real system, helping them evade defense mechanisms, or track a user among others, violating that user's privacy. Observational equivalence and trace equivalence are the technical machinery used to verify whether two systems are distinguishable. Automating the check for trace equivalence suffers from the state-space explosion problem. Symbolic verification is used to mitigate this problem, allowing the verification of relatively large systems. This paper introduces a novel definition of timed trace equivalence based on symbolic time constraints. Protocol verification problems can then be reduced to problems solvable by off-the-shelf SMT solvers. We implemented this machinery in Maude and carried out a number of experiments demonstrating the feasibility of our approach.


Notes

  1. And more generally, observational equivalence.

  2. The accompanying implementation can be found at https://github.com/SRI-CSL/VCPublic/obseq.git.

  3. \(\mathcal {S}\) always includes guessables: names, text, fresh nonces, and so on. Guessables are left implicit in our examples.

  4. Strictly, \(\mathcal {DC}\) needs to satisfy some conditions in order for this membership relation to be well-defined. For example, the symbol dependency graph of \(\mathcal {DC}\) must be acyclic. We assume that this relation is undefined whenever this is not the case.

  5. Initially this was implemented using CVC4 [4]. Since Alpha 114 there is also the option to use Yices2.

References

  1. Abadi, M., Fournet, C.: Private authentication. Theor. Comput. Sci. 322(3), 427–476 (2004)

  2. Agha, G., Mason, I.A., Smith, S.F., Talcott, C.L.: A foundation for actor computation. J. Funct. Program. 7, 1–72 (1997)

  3. Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using the applied pi calculus. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, Edinburgh, United Kingdom, 17–19 July 2010, pp. 107–121 (2010)

  4. Barrett, C., et al.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_14

  5. Basin, D., Mödersheim, S., Viganò, L.: OFMC: a symbolic model checker for security protocols. Int. J. Inf. Secur. (2004). https://doi.org/10.1007/s10207-004-0055-7

  6. Bella, G., Paulson, L.C.: Kerberos version IV: inductive analysis of the secrecy goals. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 361–375. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055875

  7. Benton, N., Hofmann, M., Nigam, V.: Effect-dependent transformations for concurrent programs. In: Proceedings of the 18th International Symposium on Principles and Practice of Declarative Programming, 5–7 September 2016, Edinburgh, United Kingdom, pp. 188–201 (2016)

  8. Brands, S., Chaum, D.: Distance-bounding protocols (extended abstract). In: EUROCRYPT, pp. 344–359 (1993)

  9. Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55–69 (1999)

  10. Cheval, V., Cortier, V.: Timing attacks in security protocols: symbolic framework and proof techniques. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 280–299. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_15

  11. Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_5

  12. Clavel, M., et al.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1

  13. Corin, R., Etalle, S., Hartel, P.H., Mader, A.: Timed model checking of security protocols. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, New York, NY, USA, pp. 23–32. ACM (2004)

  14. Cortier, V., Delaune, S.: A method for proving observational equivalence. In: Proceedings of the 22nd IEEE Computer Security Foundations Symposium, CSF 2009, Port Jefferson, New York, USA, 8–10 July 2009, pp. 266–276 (2009)

  15. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

  16. Durán, F., Eker, S., Escobar, S., Martí-Oliet, N., Meseguer, J., Talcott, C.: Built-in variant generation and unification, and their applications in Maude 2.7. In: Olivetti, N., Tiwari, A. (eds.) IJCAR 2016. LNCS (LNAI), vol. 9706, pp. 183–192. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40229-1_13

  17. Biere, A., Bloem, R. (eds.): CAV 2014. LNCS, vol. 8559. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08867-9

  18. Dutertre, B.: Solving exists/forall problems with Yices. In: SMT (2015)

  19. Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1

  20. Evans, N., Schneider, S.: Analysing time dependent security properties in CSP using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000). https://doi.org/10.1007/10722599_14

  21. Gazeau, I., Kremer, S.: Automated analysis of equivalence properties for security protocols using else branches. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 1–20. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_1

  22. González-Burgueño, A., Aparicio-Sánchez, D., Escobar, S., Meadows, C.A., Meseguer, J.: Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA. In: 22nd International Conference on Logic for Programming, Artificial Intelligence and Reasoning, pp. 400–417 (2018)

  23. González-Burgueño, A., Santiago, S., Escobar, S., Meadows, C.A., Meseguer, J.: Analysis of the PKCS#11 API using the Maude-NPA tool. In: Proceedings of the Security Standardisation Research - Second International Conference, SSR 2015, Tokyo, Japan, 15–16 December 2015, pp. 86–106 (2015)

  24. Gorrieri, R., Locatelli, E., Martinelli, F.: A simple language for real-time cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 114–128. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36575-3_9

  25. Gunter, C.A.: Semantics of Programming Languages - Structures and Techniques. Foundations of Computing. MIT Press, Cambridge (1993)

  26. Ho, G., Boneh, D., Ballard, L., Provos, N.: Tick tock: building browser red pills from timing side channels. In: Bratus, S., Lindner, F.F.X. (eds.) 8th USENIX Workshop on Offensive Technologies, WOOT 2014 (2014)

  27. Jakubowska, G., Penczek, W.: Modelling and checking timed authentication of security protocols. Fundam. Inf. 79(3–4), 363–378 (2007)

  28. Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols (2014). Available on Nigam's homepage

  29. Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework for activities subject to regulations. In: 23rd International Conference on Rewriting Techniques and Applications (RTA 2012), Nagoya, Japan, 28 May–2 June 2012, pp. 305–322 (2012)

  30. Mason, I.A., Talcott, C.L.: IOP: The interoperability platform & IMaude: an interactive extension of Maude. In: Fifth International Workshop on Rewriting Logic and Its Applications (WRLA 2004). Electronic Notes in Theoretical Computer Science. Elsevier (2004)

  31. Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26(2), 113–131 (1996)

  32. Meadows, C.A.: Analysis of the internet key exchange protocol using the NRL protocol analyzer. In: 1999 IEEE Symposium on Security and Privacy, pp. 216–231 (1999)

  33. Meadows, C.A.: A cost-based framework for analysis of denial of service networks. J. Comput. Secur. 9(1/2), 143–164 (2001)

  34. Meadows, C.A., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks, pp. 279–298 (2007)

  35. Milner, R.: Communicating and Mobile Systems - The Pi-Calculus. Cambridge University Press, Cambridge (1999)

  36. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). https://doi.org/10.1145/359657.359659

  37. Nigam, V., Talcott, C., Urquiza, A.A.: Symbolic timed observational equivalence (2018). https://arxiv.org/abs/1801.04066

  38. Nigam, V., Talcott, C., Aires Urquiza, A.: Towards the automated verification of cyber-physical security protocols: bounding the number of timed intruders. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 450–470. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_23

  39. Rocha, C.: Symbolic reachability analysis for rewrite theories. Ph.D. thesis, University of Illinois at Urbana-Champaign (2012)

  40. Santiago, S., Escobar, S., Meadows, C., Meseguer, J.: A formal definition of protocol indistinguishability and its verification using Maude-NPA. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 162–177. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_11

Acknowledgments

We thank the anonymous reviewer for careful reading and helpful suggestions for improvement. Nigam was partially supported by NRL grant N0017317-1-G002 and by CNPq grant 303909/2018-8. Talcott was partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002.

Corresponding author

Correspondence to Carolyn Talcott.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this chapter

Nigam, V., Talcott, C., Urquiza, A.A. (2019). Symbolic Timed Trace Equivalence. In: Guttman, J., Landwehr, C., Meseguer, J., Pavlovic, D. (eds) Foundations of Security, Protocols, and Equational Reasoning. Lecture Notes in Computer Science(), vol 11565. Springer, Cham. https://doi.org/10.1007/978-3-030-19052-1_8

  • DOI: https://doi.org/10.1007/978-3-030-19052-1_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-19051-4

  • Online ISBN: 978-3-030-19052-1
