
Combining ProVerif and Automated Theorem Provers for Security Protocol Verification

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 11716)

Abstract

Symbolic verification of security protocols typically relies on an attacker model called the Dolev-Yao model, which does not adequately model various algebraic properties of the cryptographic operators used in many real-world protocols. In this work we describe an integration of the state-of-the-art protocol verifier ProVerif with automated first-order theorem provers (ATP). The integration allows one to model the algebraic properties of cryptographic operators directly as a first-order equational theory, and the specified protocol can be exported to a first-order logic specification in the standard TPTP format for ATP. An attack on a protocol corresponds to a refutation using the encoded first-order clauses. We implement a tool that analyses this refutation, extracts an attack trace from it, and visualises the deduction steps performed by the attacker. We show that the combination of ProVerif and ATP can find attacks that ProVerif alone cannot find when algebraic properties are taken into account in the protocol verification.


Notes

  1. Some examples which ProVerif-ATP can handle but on which Tamarin fails are available via https://github.com/darrenldl/ProVerif-ATP/tree/master/related-work/.

  2. https://github.com/darrenldl/ProVerif-ATP.

  3. http://tptp.cs.miami.edu/~tptp/CASC/.


Author information

Corresponding author: Di Long Li.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Li, D.L., Tiu, A. (2019). Combining ProVerif and Automated Theorem Provers for Security Protocol Verification. In: Fontaine, P. (ed.) Automated Deduction – CADE 27. CADE 2019. Lecture Notes in Computer Science, vol 11716. Springer, Cham. https://doi.org/10.1007/978-3-030-29436-6_21

  • DOI: https://doi.org/10.1007/978-3-030-29436-6_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29435-9

  • Online ISBN: 978-3-030-29436-6

  • eBook Packages: Computer Science (R0)
