Abstract
There are several automatic tools available for the symbolic analysis of security protocols. The models underlying these tools differ in many aspects. Some of the differences have already been formally related to each other in the literature, such as difference in protocol execution models or definitions of security properties. However, there is an important difference between analysis tools that has not been investigated in depth before: the explored state space. Some tools explore all possible behaviors, whereas others explore strict subsets, often by using so-called scenarios.
We identify several types of state space explored by protocol analysis tools, and relate them to each other. We find previously unreported differences between the various approaches. Using combinatorial results, we determine the requirements for emulating one type of state space by combinations of another type.
We apply our study of state space relations in a performance comparison of several well-known automatic tools for security protocol analysis. We model a set of protocols and their properties as homogeneously as possible for each tool. We analyze the performance of the tools over comparable state spaces. This work enables us to effectively compare these automatic tools, i.e., using the same protocol description and exploring the same state space. We also propose some explanations for our experimental results, leading to a better understanding of the tools.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Amadio, R., Charatonik, W.: On name generation and set-based analysis in the Dolev-Yao model. In: Brim, L., JanÄar, P., KÅetĆnskĆ½, M., Kucera, A. (eds.) CONCUR 2002. LNCS, vol. 2421, pp. 499ā514. Springer, Heidelberg (2002)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., HeĆ”m, P.-C., Kouchnarenko, O., Mantovani, J., Mƶdersheim, S., von Oheimb, D., Santiago, M.R.J., Turuani, M., ViganĆ², L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281ā285. Springer, Heidelberg (2005)
Armando, A., Basin, D.A., Bouallagui, M., Chevalier, Y., Compagna, L., Mƶdersheim, S., Rusinowitch, M., Turuani, M., ViganĆ², L., Vigneron, L.: The AVISS security protocol analysis tool. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 349ā353. Springer, Heidelberg (2002)
Armando, A., Compagna, L.: An optimized intruder model for SAT-based model-checking of security protocols. In: Armando, A., ViganĆ², L. (eds.) ENTCS, vol. 125, pp. 91ā108. Elsevier Science Publishers, Amsterdam (2005)
AVISPA Project. AVISPA protocol library, http://www.avispa-project.org/
Basin, D., Mƶdersheim, S., ViganĆ², L.: An On-The-Fly Model-Checker for Security Protocol Analysis. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 253ā270. Springer, Heidelberg (2003)
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-based protocols secure against dictionary attacks. In: SP 1992, p. 72 (1992)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proc. CSFW 2001, pp. 82ā96. IEEE Comp. Soc. Press, Los Alamitos (2001)
Bogart, K.P.: An obvious proof of Burnsideās Lemma. Am. Math. Monthly 98(12), 927ā928 (1991)
Boichut, Y., HĆ©am, P.-C., Kouchnarenko, O., Oehl, F.: Improvements on the Genet and Klay technique to automatically verify security protocols. In: Proc. AVIS 2004 (April 2004)
Boreale, M.: Symbolic trace analysis of cryptographic protocols. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, p. 667. Springer, Heidelberg (2001)
Bozga, L., Lakhnech, Y., Perin, M.: HERMES: An Automatic Tool for Verification of Secrecy in Security Protocols. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 219ā222. Springer, Heidelberg (2003)
Burnside, W.: Theory of groups of finite order. Cambridge University Press, Cambridge (1897)
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. In: Proc. 12th ACM Symposium on Operating System Principles (SOSP 1989), pp. 1ā13 (1989)
Cheminod, M., Bertolotti, I.C., Durante, L., Sisto, R., Valenzano, A.: Experimental comparison of automatic tools for the formal analysis of cryptographic protocols. In: DepCoS-RELCOMEX, pp. 153ā160. IEEE Computer Society Press, Los Alamitos (2007)
Clark, J., Jacob, J.: A survey of authentication protocol literature (1997)
Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Science of Computer Programming 50(1-3), 51ā71 (2004)
Comtet, L.: Advanced Combinatorics. Reidel, Dordrecht (1974)
Corin, R., Etalle, S.: An improved constraint-based system for the verification of security protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 326ā341. Springer, Heidelberg (2002)
Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. Journal of Computer Security 14(1), 1ā43 (2006)
Cremers, C.: Scyther - Semantics and Verification of Security Protocols. Ph.D. dissertation, Eindhoven University of Technology (2006)
Cremers, C.: The Scyther Tool: Verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414ā418. Springer, Heidelberg (2008)
Cremers, C.: Unbounded verification, falsification, and characterization of security protocols by pattern refinement. In: 15th ACM Conference on Computer and Communications Security (CCS 2008), pp. 119ā128. ACM, New York (2008)
Cremers, C., Lafourcade, P.: Protocol tool comparison test archive, http://people.inf.ethz.ch/cremersc/downloads/performancetest.tgz
Cremers, C., Mauw, S., de Vink, E.: Injective synchronisation: An extension of the authentication hierarchy. Theoretical Computer Science (2006)
Delaune, S., Kremer, S., Steel, G.: Formal analysis of pkcs#11. In: CSF 2008, pp. 331ā344 (2008)
Donovan, B., Norris, P., Lowe, G.: Analyzing a library of security protocols using Casper and FDR. In: Proceedings of the Workshop on Formal Methods and Security Protocols (1999)
Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Proc. Workshop FMSP 1999 (1999)
Hoare, C.: Communicating Sequential Processes. Prentice Hall, Englewood Cliffs (1985)
Hussain, M., Seret, D.: A Comparative study of Security Protocols Validation Tools: HERMES vs. AVISPA. In: Proc. ICACT 2006, vol. 1, pp. 303ā308 (2006)
Jacquemard, F.: Security protocols open repository, http://www.lsv.ens-cachan.fr/spore/index.html
Kerber, A.: Applied finite group actions, 2nd edn. Algorithms and Combinatorics, vol. 19. Springer, Berlin (1999)
Lowe, G.: Breaking and fixing the needham-schroeder public-key protocol using fdr. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147ā166. Springer, Heidelberg (1996)
Lowe, G.: A hierarchy of authentication specifications. In: Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pp. 31ā44 (1997)
Lowe, G.: Casper: a compiler for the analysis of security protocols. J. Comput. Secur. 6(1-2), 53ā84 (1998)
Meadows, C.: Analyzing the needham-schroeder public-key protocol: A comparison of two approaches. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 351ā364. Springer, Heidelberg (1996)
Meadows, C.: Language generation and verification in the NRL protocol analyzer. In: Proc. CSFW 1996, pp. 48ā62. IEEE Comp. Soc. Press, Los Alamitos (1996)
Millen, J.: A necessarily parallel attack. In: Heintze, N., Clarke, E. (eds.) Workshop on Formal Methods and Security Protocols (1999)
Mitchell, J., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using Murphi. In: IEEE Symposium on Security and Privacy (May 1997)
Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communication of the ACM 21(12), 993ā999 (1978)
Paulson, L.C.: Inductive analysis of the internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332ā351 (1999)
Roscoe, A.W.: Model-checking CSP. Prentice Hall, Englewood Cliffs (1994)
Roscoe, A.W.: Modelling and verifying key-exchange protocols using CSP and FDR. In: IEEE Symposium on Foundations of Secure Systems (1995)
Song, D., Berezin, S., Perrig, A.: Athena: A novel approach to efficient automatic security protocol analysis. Journal of Computer Security 9(1/2), 47ā74 (2001)
Tsalapati, E.: Analysis of pkcs#11 using avispa tools. Masterās thesis, University of Edinburgh (2007)
Turuani, M.: The CL-Atse protocol analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277ā286. Springer, Heidelberg (2006)
ViganĆ², L.: Automated security protocol analysis with the AVISPA tool. ENTCS 155, 61ā86 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Cremers, C.J.F., Lafourcade, P., Nadeau, P. (2009). Comparing State Spaces in Automatic Security Protocol Analysis. In: Cortier, V., Kirchner, C., Okada, M., Sakurada, H. (eds) Formal to Practical Security. Lecture Notes in Computer Science, vol 5458. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02002-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-02002-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02001-8
Online ISBN: 978-3-642-02002-5
eBook Packages: Computer ScienceComputer Science (R0)