Abstract
Formal validation of security protocols is of utmost importance before they gain market or academic acceptance. In particular, the results obtained from the formal validation of the improved Optimistic Fair Exchange Protocol based on Signature Policies (OFEPSP+) are presented. OFEPSP+ ensures that no party gains an unfair advantage over the other during the protocol execution, while substantially reducing the probability of a successful attack on the protocol due to a compromise of the signature creation environment. We have used the Automated Validation of Internet Security Protocols and Applications (AVISPA) and the Security Protocol ANimator for AVISPA (SPAN), two powerful automated reasoning technique tools to formally specify and validate security protocols for the Internet.
The authors would like to thank the AVISPA project team, and specially Laurent Vigneron and Luca Viganò, for their useful comments on the preliminary versions of OFEPSP+ HLPSL specification. The authors wish also to thank the reviewers for their valuable remarks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alsaid, A., Mitchel, C.J.: Dynamic content attacks on digital signatures. Information Management & Computer Security 13(4), 328–336 (2005)
AVISPA: Automated validation of internet security protocols and applications. FET Open Project IST-2001-39252 (2003), http://www.avispa-project.org/
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Heam, P.-C., Kouchnarenko, O., Mantovani, J., Modersheim, S., von Oheimb, D., Rusinowitch, M., Santos Santiago, J., Turuani, M., Vigano, L., Vigneron, L.: The AVISPA Tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Armando, A., Compagna, L.: SATMC: A SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS (LNAI), vol. 3229, pp. 730–733. Springer, Heidelberg (2004)
AVISPA. Deliverable 2.1: The High-Level Protocol Specification Language (2003), http://www.avispa-project.org/publications.html
Basin, D.A., Sebastian, M., Vigano, L.: Ofmc: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3), 181–208 (2005)
Boichut, Y., Heam, P.-C., Kouchnarenko, O., Oehl, F.: Improvements on the Genet and Klay Technique to Automatically Verify Security Protocols. In: Proc. of Automated Verification of Infinite States Systems (AVIS 2004). ENTCS, pp. 1–11 (2004)
Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Mantovani, J., Modersheim, S., Vigneron, L.: A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. In: Proc. SAPS 2004. Austrian Computer Society (2004)
Dolev, D., Yao, A.: On the Security of Public-Key Protocols. IEEE Transactions on Information Theory 2(29) (1983)
ETSI TR 102 041 v1.1.1. Signatures policies report. European Telecommunications Standards Institute (2002)
Girard, P., Giraud, J.-L.: Software attacks on smart cards. Information Security Technical Report 8(1), 55–66 (2003)
Glouche, Y., Genet, T., Heen, O., Courtay, O.: A Security Protocol Animator Tool for AVISPA. In: ARTIST2 Workshop on Security Specification and Verification of Embedded Systems, Pisa (2006)
Hernandez-Ardieta, J.L., Gonzalez-Tablas, A.I., Alvarez, B.R.: An Optimistic Fair Exchange Protocol based on Signature Policies. Computers & Security 27(7-8), 309–322 (2008)
Jsang, A., Povey, D., Ho., A.: What You See is Not Always What You Sign. In: The Proceedings of the Australian UNIX User Group, Melbourne (2002)
Kain, K.: Electronic Documents and Digital Signatures. Master Thesis (2003)
Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Computer Communications 25, 1601–1621 (2002)
Spalka, A., Cremers, A.B., Langweg, H.: Trojan Horse Attacks on Software for Electronic Signatures. Informatica 26(2), 191–203 (2002)
Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hernandez-Ardieta, J.L., Gonzalez-Tablas, A.I., Ramos, B. (2009). Formal Validation of OFEPSP+ with AVISPA. In: Degano, P., Viganò, L. (eds) Foundations and Applications of Security Analysis. ARSPA-WITS 2009. Lecture Notes in Computer Science, vol 5511. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03459-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-03459-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03458-9
Online ISBN: 978-3-642-03459-6
eBook Packages: Computer ScienceComputer Science (R0)