Skip to main content
SpringerLink
Log in

Formal Validation of OFEPSP+ with AVISPA

  • Conference paper
Foundations and Applications of Security Analysis (ARSPA-WITS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5511))

Abstract

Formal validation of security protocols is of utmost importance before they gain market or academic acceptance. In particular, the results obtained from the formal validation of the improved Optimistic Fair Exchange Protocol based on Signature Policies (OFEPSP+) are presented. OFEPSP+ ensures that no party gains an unfair advantage over the other during the protocol execution, while substantially reducing the probability of a successful attack on the protocol due to a compromise of the signature creation environment. We have used the Automated Validation of Internet Security Protocols and Applications (AVISPA) and the Security Protocol ANimator for AVISPA (SPAN), two powerful automated reasoning technique tools to formally specify and validate security protocols for the Internet.

The authors would like to thank the AVISPA project team, and specially Laurent Vigneron and Luca Viganò, for their useful comments on the preliminary versions of OFEPSP+ HLPSL specification. The authors wish also to thank the reviewers for their valuable remarks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alsaid, A., Mitchel, C.J.: Dynamic content attacks on digital signatures. Information Management & Computer Security 13(4), 328–336 (2005)

    Article  Google Scholar 

  2. AVISPA: Automated validation of internet security protocols and applications. FET Open Project IST-2001-39252 (2003), http://www.avispa-project.org/

  3. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Heam, P.-C., Kouchnarenko, O., Mantovani, J., Modersheim, S., von Oheimb, D., Rusinowitch, M., Santos Santiago, J., Turuani, M., Vigano, L., Vigneron, L.: The AVISPA Tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Armando, A., Compagna, L.: SATMC: A SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS (LNAI), vol. 3229, pp. 730–733. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. AVISPA. Deliverable 2.1: The High-Level Protocol Specification Language (2003), http://www.avispa-project.org/publications.html

  6. Basin, D.A., Sebastian, M., Vigano, L.: Ofmc: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3), 181–208 (2005)

    Article  Google Scholar 

  7. Boichut, Y., Heam, P.-C., Kouchnarenko, O., Oehl, F.: Improvements on the Genet and Klay Technique to Automatically Verify Security Protocols. In: Proc. of Automated Verification of Infinite States Systems (AVIS 2004). ENTCS, pp. 1–11 (2004)

    Google Scholar 

  8. Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Mantovani, J., Modersheim, S., Vigneron, L.: A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. In: Proc. SAPS 2004. Austrian Computer Society (2004)

    Google Scholar 

  9. Dolev, D., Yao, A.: On the Security of Public-Key Protocols. IEEE Transactions on Information Theory 2(29) (1983)

    Google Scholar 

  10. ETSI TR 102 041 v1.1.1. Signatures policies report. European Telecommunications Standards Institute (2002)

    Google Scholar 

  11. Girard, P., Giraud, J.-L.: Software attacks on smart cards. Information Security Technical Report 8(1), 55–66 (2003)

    Google Scholar 

  12. Glouche, Y., Genet, T., Heen, O., Courtay, O.: A Security Protocol Animator Tool for AVISPA. In: ARTIST2 Workshop on Security Specification and Verification of Embedded Systems, Pisa (2006)

    Google Scholar 

  13. Hernandez-Ardieta, J.L., Gonzalez-Tablas, A.I., Alvarez, B.R.: An Optimistic Fair Exchange Protocol based on Signature Policies. Computers & Security 27(7-8), 309–322 (2008)

    Article  Google Scholar 

  14. Jsang, A., Povey, D., Ho., A.: What You See is Not Always What You Sign. In: The Proceedings of the Australian UNIX User Group, Melbourne (2002)

    Google Scholar 

  15. Kain, K.: Electronic Documents and Digital Signatures. Master Thesis (2003)

    Google Scholar 

  16. Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Computer Communications 25, 1601–1621 (2002)

    Article  Google Scholar 

  17. Spalka, A., Cremers, A.B., Langweg, H.: Trojan Horse Attacks on Software for Electronic Signatures. Informatica 26(2), 191–203 (2002)

    MATH  Google Scholar 

  18. Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University Carlos III of Madrid, Avda. de la Universidad 30, 28911, Leganes, Spain

    Jorge L. Hernandez-Ardieta, Ana I. Gonzalez-Tablas & Benjamin Ramos

Authors
  1. Jorge L. Hernandez-Ardieta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ana I. Gonzalez-Tablas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Benjamin Ramos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università di Pisa, Largo Bruno Pontecorvo, 3, 56127, Pisa, Italy

    Pierpaolo Degano

  2. Dipartimento di Informatica, Università di Verona, Strada Le Grazie 15, 37134, Verona, Italy

    Luca Viganò

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hernandez-Ardieta, J.L., Gonzalez-Tablas, A.I., Ramos, B. (2009). Formal Validation of OFEPSP+ with AVISPA. In: Degano, P., Viganò, L. (eds) Foundations and Applications of Security Analysis. ARSPA-WITS 2009. Lecture Notes in Computer Science, vol 5511. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03459-6_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03459-6_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03458-9

  • Online ISBN: 978-3-642-03459-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation