A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space

  • Conference paper
Theoretical Aspects of Software Engineering (TASE 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14777)

Abstract

Security protocols are essential to ensure privacy, integrity, and authentication. However, formal tools are necessary to guarantee the security objectives of a protocol. Existing formal tools employ specific input languages to model protocols. In textbooks, protocols are typically presented in strand space specification format, which depicts the messages shared among trusted communication participants during a correct protocol operation. Strand space specifications prioritize conciseness and readability over formal precision, and their formal semantics are only considered and clarified in specific contexts. Therefore, a gap exists between strand space specifications and the modelling languages of formal tools. To address this issue, we propose a verified security scheme with the operational semantics of strand space. We successfully tested our framework on several typical protocol benchmarks using the model checker Murphi and identified potential attacks on them. In summary, our framework offers an innovative and comprehensible scheme for model checking security protocols.

Acknowledgements

Yongjian Li is supported by the Strategic Priority Research Program of the Chinese Academy of Sciences, Grant No. XDA0320000 and XDA0320300. Yongxin Zhao is supported by National Natural Science Foundation of China Projects (No. 92370201), the “Digital Silk Road” Shanghai International Joint Lab of Trustworthy Intelligent Software (Grant No. 22510750100), and Shanghai Trusted Industry Internet Software Collaborative Innovation Center.

Author information

Corresponding author

Correspondence to Yongxin Zhao.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Li, Y., Jiang, H., Zhao, Y. (2024). A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space. In: Chin, WN., Xu, Z. (eds) Theoretical Aspects of Software Engineering. TASE 2024. Lecture Notes in Computer Science, vol 14777. Springer, Cham. https://doi.org/10.1007/978-3-031-64626-3_18

  • DOI: https://doi.org/10.1007/978-3-031-64626-3_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-64625-6

  • Online ISBN: 978-3-031-64626-3

  • eBook Packages: Computer Science (R0)
