Abstract
Security protocols play an increasingly important role as they are now widely used in many applications. Many tools exist for specifying and verifying security protocols, such as Casper/FDR, ProVerif, and AVISPA. In these tools, the intruder’s ability, which must either be specified explicitly or is set by default, is not flexible in some circumstances. Moreover, whereas most existing tools focus on secrecy and authentication properties, few support privacy properties such as anonymity, receipt freeness, and coercion resistance, which are crucial in applications such as electronic voting systems and anonymous online transactions.
In this paper, we introduce a framework for specifying security protocols in the labeled transition system (LTS) semantics model, which embeds the knowledge of the participants and parameterizes the ability of an attacker. Using this model, we give formal definitions for three types of privacy properties based on trace equivalence and knowledge reasoning. Formal definitions for some other security properties, such as secrecy and authentication, are also introduced under this framework, together with the verification algorithms. The results of this paper are embodied in the implementation of the SeVe module in the Process Analysis Toolkit (PAT) model checker, which supports specifying, simulating, and verifying security protocols. The experimental results show that the SeVe module is capable of verifying many types of security protocols and complements the state-of-the-art security verifiers in several aspects. Moreover, they demonstrate that an automatic verifier can be built for security protocols with privacy-type properties, which are currently mostly verified by hand.
Author information
Mr. Anh Tuan LUU received his MSc in Computer Science from the National University of Singapore. Since 2011, he has been a research associate in the Centre for Advanced Information Systems at Nanyang Technological University, Singapore. His research interests include formal methods, security protocol verification, semantic web, and bioinformation retrieval.
Dr. Jun SUN received Bachelor and PhD degrees in Computing Science from the National University of Singapore (NUS) in 2002 and 2006. In June 2007, he received the Lee Kuan Yew postdoctoral fellowship in the Computer Science Department at the National University of Singapore. In September 2010, he joined Singapore University of Technology and Design as an Assistant Professor. He is a visiting scientist at MIT (2011–2012). Jun’s research is in the areas of software engineering and formal methods, in particular, formal specification and verification. He is the co-founder of the PAT model checker.
Dr. Yang LIU graduated in 2005 with a Bachelor of Computing from the National University of Singapore (NUS). In 2010, he obtained his PhD and continued with his postdoctoral work at NUS. Dr. Liu specializes in software verification using model checking techniques. This work led to the development of a state-of-the-art model checker, Process Analysis Toolkit. In 2011, Dr. Liu was awarded the Temasek Research Fellowship at NUS as the Principal Investigator in the area of Cyber Security. He continues to pursue research in the verification of security-related software using formal methods such as model checking and theorem proving.
Dr. Jin Song DONG received Bachelor and PhD degrees in Computing from the University of Queensland in 1992 and 1996. From 1995–1998, he was a Research Scientist at the Commonwealth Scientific and Industrial Research Organisation in Australia. Since 1998 he has been in the School of Computing at the National University of Singapore (NUS), where he is currently Associate Professor. He is co-founder of the PAT model checking system. He is a steering committee member of the International Conference on Formal Engineering Methods (ICFEM) and the Asia Pacific Software Engineering Conference (APSEC) series. He was a Chair for many conferences and is also on the editorial board of Formal Aspects of Computing and Innovations in Systems and Software Engineering, A NASA Journal.
Dr. Xiaohong LI received a Master of Engineering degree from Tianjin University, China in 1999, and she received her PhD in Engineering, majoring in Computer Science and Applications, from the Department of Computer Science, Tianjin University in Aug. 2005. Since Feb. 2001, she has been working as a teacher and researcher in the Department of Computer Science, Tianjin University. Dr. Li specializes in agent-oriented software engineering, rapid development based on multi-agent systems, agent architecture research, agent security, and ambient intelligence.
Dr. Thanh Tho QUAN is a lecturer in the Faculty of Computer Science and Engineering, Hochiminh City University of Technology (HCMUT), Vietnam. He received his BEng degree in Information Technology from HCMUT in 1998 and received his PhD in 2006 from Nanyang Technological University, Singapore. His current research interests include formal methods, program analysis/verification, the Semantic Web, machine learning/data mining and intelligent systems.
Cite this article
Luu, A.T., Sun, J., Liu, Y. et al. SeVe: automatic tool for verification of security protocols. Front. Comput. Sci. 6, 57–75 (2012). https://doi.org/10.1007/s11704-012-2903-3
DOI: https://doi.org/10.1007/s11704-012-2903-3