Skip to main content
SpringerLink
Log in

Learning Assumptions for Verifying Cryptographic Protocols Compositionally

  • Conference paper
  • First Online:
Book cover Formal Aspects of Component Software (FACS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 13077))

Included in the following conference series:

  • 355 Accesses

Abstract

Automated analysis tools for cryptographic protocols can verify sophisticated designs, but lack compositionality. To address this limitation, we investigate the use of automata learning for verifying authentication protocols in an automatic and compositional way. We present Taglierino, a tool for synthesizing specifications for protocol components and checking them in isolation. The specifications can aid the design of protocol variants and speed up verification. Taglierino includes a domain-specific language for protocols, which are compiled to automata and analyzed with the LTSA model checker extended with automata learning. We demonstrate the tool on a series of case studies, including the Needham-Schroeder, Woo-Lam, and Kerberos protocols.

A. A. de Amorim—Work performed at Carnegie Mellon University.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abadi, M., Blanchet, B., Fournet, C.: The applied pi calculus: mobile values, new names, and secure communication. CoRR abs/1609.03003 (2016). http://arxiv.org/abs/1609.03003

  2. Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Softw. Eng. 22(1), 6–15 (1996). https://doi.org/10.1109/32.481513

    Article  Google Scholar 

  3. Alur, R., Madhusudan, P., Nam, W.: Symbolic compositional verification by learning assumptions. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 548–562. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_52

    Chapter  MATH  Google Scholar 

  4. Anderson, R., Needham, R.: Programming Satan’s computer. In: van Leeuwen, J. (ed.) Computer Science Today. LNCS, vol. 1000, pp. 426–440. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0015258

    Chapter  Google Scholar 

  5. Andova, S., Cremers, C., Gjøsteen, K., Mauw, S., Mjølsnes, S.F., Radomirović, S.: A framework for compositional verification of security protocols. Inf. Comput. 206(2), 425–459 (2008). Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA 2006). https://doi.org/10.1016/j.ic.2007.07.002. http://www.sciencedirect.com/science/article/pii/S0890540107001228

  6. Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987). https://doi.org/10.1016/0890-5401(87)90052-6

    Article  MathSciNet  MATH  Google Scholar 

  7. Barthe, G., Grégoire, B., Béguelin, S.Z.: Formal certification of code-based cryptographic proofs. In: Shao, Z., Pierce, B.C. (eds.) Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, Savannah, GA, USA, 21–23 January 2009, pp. 90–101. ACM (2009). https://doi.org/10.1145/1480881.1480894

  8. Barthe, G., Grégoire, B., Heraud, S., Béguelin, S.Z.: Computer-aided security proofs for the working cryptographer. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 71–90. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_5

    Chapter  Google Scholar 

  9. Barthe, G., Grégoire, B., Heraud, S., Zanella Béguelin, S.: Formal certification of ElGamal encryption. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 1–19. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01465-9_1

    Chapter  MATH  Google Scholar 

  10. Basin, D.A., Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R., Stettler, V.: A formal analysis of 5G authentication. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, 15–19 October 2018, pp. 1383–1396. ACM (2018). https://doi.org/10.1145/3243734.3243846

  11. Bellovin, S.M., Merritt, M.: Limitations of the Kerberos authentication system. SIGCOMM Comput. Commun. Rev. 20(5), 119–132 (1990). https://doi.org/10.1145/381906.381946

    Article  Google Scholar 

  12. Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, 22–26 May 2017, pp. 483–502. IEEE Computer Society (2017). https://doi.org/10.1109/SP.2017.26

  13. Bhargavan, K., Fournet, C., Gordon, A.D.: Modular verification of security protocol code by typing. In: Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2010, Madrid, Spain, 17–23 January 2010, pp. 445–456 (2010). https://doi.org/10.1145/1706299.1706350

  14. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), Cape Breton, Nova Scotia, Canada, 11–13 June 2001, pp. 82–96. IEEE Computer Society (2001). https://doi.org/10.1109/CSFW.2001.930138

  15. Blanchet, B.: A computationally sound mechanized prover for security protocols. In: 2006 IEEE Symposium on Security and Privacy (S&P 2006), Berkeley, California, USA, 21–24 May 2006, pp. 140–154. IEEE Computer Society (2006). https://doi.org/10.1109/SP.2006.1

  16. Blanchet, B.: A computationally sound mechanized prover for security protocols. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, SP 2006, pp. 140–154. IEEE Computer Society (2006). https://doi.org/10.1109/SP.2006.1

  17. Blanchet, B.: Modeling and verifying security protocols with the applied Pi calculus and ProVerif. Found. Trends Priv. Secur. 1(1–2), 1–135 (2016). https://doi.org/10.1561/3300000004

    Article  Google Scholar 

  18. Blanchet, B.: Symbolic and computational mechanized verification of the ARINC823 avionic protocols. In: 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, CA, USA, 21–25 August 2017, pp. 68–82. IEEE Computer Society (2017). https://doi.org/10.1109/CSF.2017.7

  19. Gheorghiu Bobaru, M., Păsăreanu, C.S., Giannakopoulou, D.: Automated assume-guarantee reasoning by abstraction refinement. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 135–148. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_14

    Chapter  Google Scholar 

  20. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990). https://doi.org/10.1145/77648.77649

    Article  MATH  Google Scholar 

  21. Chaki, S., Clarke, E., Sinha, N., Thati, P.: Automated assume-guarantee reasoning for simulation conformance. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 534–547. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_51

    Chapter  Google Scholar 

  22. Chen, Y.-F., Clarke, E.M., Farzan, A., Tsai, M.-H., Tsay, Y.-K., Wang, B.-Y.: Automated assume-guarantee reasoning through implicit learning. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 511–526. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_44

    Chapter  Google Scholar 

  23. Chen, Y.-F., Farzan, A., Clarke, E.M., Tsay, Y.-K., Wang, B.-Y.: Learning minimal separating DFA’s for compositional verification. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 31–45. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00768-2_3

    Chapter  Google Scholar 

  24. Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (1999)

    MATH  Google Scholar 

  25. Cobleigh, J.M., Giannakopoulou, D., PĂsĂreanu, C.S.: Learning assumptions for compositional verification. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 331–346. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36577-X_24

    Chapter  MATH  Google Scholar 

  26. Cremers, C.J.F.: The Scyther Tool: Verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_38

    Chapter  Google Scholar 

  27. Datta, A., Derek, A., Mitchell, J.C., Roy, A.: Protocol composition logic (PCL). Electron. Notes Theor. Comput. Sci. 172, 311–358 (2007). https://doi.org/10.1016/j.entcs.2007.02.012

    Article  MathSciNet  MATH  Google Scholar 

  28. Denning, D.E., Sacco, G.M.: Timestamps in key distribution protocols. Commun. ACM 24(8), 533–536 (1981). https://doi.org/10.1145/358722.358740

    Article  Google Scholar 

  29. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  30. Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R.: Verification of stateful cryptographic protocols with exclusive OR. J. Comput. Secur. 28(1), 1–34 (2020). https://doi.org/10.3233/JCS-191358

    Article  Google Scholar 

  31. Erbsen, A., Philipoom, J., Gross, J., Sloan, R., Chlipala, A.: Simple high-level code for cryptographic arithmetic - with proofs, without compromises. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, 19–23 May 2019, pp. 1202–1219. IEEE (2019). https://doi.org/10.1109/SP.2019.00005

  32. Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1

    Chapter  MATH  Google Scholar 

  33. Fournet, C., Kohlweiss, M., Strub, P.Y.: Modular code-based cryptographic verification. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 341–350. Association for Computing Machinery, New York (2011). https://doi.org/10.1145/2046707.2046746

  34. Fromherz, A., Giannarakis, N., Hawblitzel, C., Parno, B., Rastogi, A., Swamy, N.: A verified, efficient embedding of a verifiable assembly language. Proc. ACM Program. Lang. 3(POPL), 63:1–63:30 (2019). https://doi.org/10.1145/3290376

  35. Gibson-Robinson, T., Armstrong, P., Boulgakov, A., Roscoe, A.W.: FDR3—a modern refinement checker for CSP. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 187–201. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_13

    Chapter  MATH  Google Scholar 

  36. Gordon, A.D., Jeffrey, A.: Authenticity by typing for security protocols. In: 2001 Proceedings of the 14th IEEE Computer Security Foundations Workshop, pp. 145–159 (2001)

    Google Scholar 

  37. Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, Paris, France, 26–28 April 2017, pp. 435–450. IEEE (2017). https://doi.org/10.1109/EuroSP.2017.38

  38. Kohl, J., Neuman, C., et al.: The Kerberos network authentication service (V5). Technical report, RFC 1510, September 1993

    Google Scholar 

  39. Liao, K., Hammer, M.A., Miller, A.: ILC: a calculus for composable, computational cryptography. In: McKinley, K.S., Fisher, K. (eds.) Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2019, Phoenix, AZ, USA, 22–26 June 2019, pp. 640–654. ACM (2019). https://doi.org/10.1145/3314221.3314607

  40. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61042-1_43

    Chapter  Google Scholar 

  41. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings 10th Computer Security Foundations Workshop, pp. 31–43. IEEE (1997)

    Google Scholar 

  42. Magee, J., Kramer, J.: Concurrency: State Models and Java Programs. Wiley, Hoboken (1999)

    MATH  Google Scholar 

  43. McMillan, K.L.: Verification of an implementation of Tomasulo’s algorithm by compositional model checking. In: Hu, A.J., Vardi, M.Y. (eds.) CAV 1998. LNCS, vol. 1427, pp. 110–121. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0028738

    Chapter  Google Scholar 

  44. McMillan, K.L.: Circular compositional reasoning about liveness. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 342–346. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48153-2_30

    Chapter  Google Scholar 

  45. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48

    Chapter  Google Scholar 

  46. Misra, J., Chandy, K.M.: Proofs of networks of processes. IEEE Trans. Softw. Eng. 7(4), 417–426 (1981)

    Article  MathSciNet  Google Scholar 

  47. Moggi, E.: Computational lambda-calculus and monads. In: Proceedings of the Fourth Annual Symposium on Logic in Computer Science (LICS 1989), Pacific Grove, California, USA, 5–8 June 1989, pp. 14–23. IEEE Computer Society (1989). https://doi.org/10.1109/LICS.1989.39155

  48. Namjoshi, K.S., Trefler, R.J.: On the completeness of compositional reasoning. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 139–153. Springer, Heidelberg (2000). https://doi.org/10.1007/10722167_14

    Chapter  Google Scholar 

  49. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). https://doi.org/10.1145/359657.359659

    Article  MATH  Google Scholar 

  50. Panti, M., Spalazzi, L., Tacconi, S.: Using the NuSMV model checker to verify the Kerberos protocol (2002)

    Google Scholar 

  51. Pasareanu, C.S., Giannakopoulou, D., Bobaru, M.G., Cobleigh, J.M., Barringer, H.: Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning. Formal Methods Syst. Des. 32(3), 175–205 (2008). https://doi.org/10.1007/s10703-008-0049-6

    Article  MATH  Google Scholar 

  52. Pnueli, A.: In transition from global to modular temporal reasoning about programs. In: Apt, K.R. (ed.) Logics and Models of Concurrent Systems. NATO ASI Series, vol. 13, pp. 123–144. Springer, Heidelberg (1985). https://doi.org/10.1007/978-3-642-82453-1_5

    Chapter  Google Scholar 

  53. Schmidt, B., Meier, S., Cremers, C.J.F., Basin, D.A.: Automated analysis of Diffie-Hellman protocols and advanced security properties. In: Chong, S. (ed.) 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, 25–27 June 2012, pp. 78–94. IEEE Computer Society (2012). https://doi.org/10.1109/CSF.2012.25

  54. Whitefield, J., Chen, L., Sasse, R., Schneider, S., Treharne, H., Wesemeyer, S.: A symbolic analysis of ECC-based direct anonymous attestation. In: IEEE European Symposium on Security and Privacy, EuroS&P 2019, Stockholm, Sweden, 17–19 June 2019, pp. 127–141. IEEE (2019). https://doi.org/10.1109/EuroSP.2019.00019

  55. Woo, T.Y.C., Lam, S.S.: Authentication for distributed systems. Computer 25(1), 39–52 (1992)

    Article  Google Scholar 

  56. Woo, T.Y., Lam, S.S.: A semantic model for authentication protocols. In: Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 178–194. IEEE (1993)

    Google Scholar 

  57. Zhang, Z., de Amorim, A.A., Jia, L., Păsăreanu, C.: Automating compositional analysis of authentication protocols. In: 2020 Formal Methods in Computer Aided Design, FMCAD 2020 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Carnegie Mellon University, Pittsburgh, USA

    Zichao Zhang, Limin Jia & Corina Păsăreanu

  2. NASA Ames, Mountain View, USA

    Corina Păsăreanu

  3. Boston University, Boston, USA

    Arthur Azevedo de Amorim

Authors
  1. Zichao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Arthur Azevedo de Amorim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Limin Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Corina Păsăreanu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Corina Păsăreanu .

Editor information

Editors and Affiliations

  1. Grenoble Alpes University, Saint-Martin-d'Hères, France

    Gwen Salaün

  2. Eindhoven University of Technology, Eindhoven, The Netherlands

    Anton Wijs

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, Z., de Amorim, A.A., Jia, L., Păsăreanu, C. (2021). Learning Assumptions for Verifying Cryptographic Protocols Compositionally. In: Salaün, G., Wijs, A. (eds) Formal Aspects of Component Software. FACS 2021. Lecture Notes in Computer Science(), vol 13077. Springer, Cham. https://doi.org/10.1007/978-3-030-90636-8_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90636-8_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90635-1

  • Online ISBN: 978-3-030-90636-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation