Abstract
In this paper, we consider how one can analyse a stream authentication protocol using model checking techniques. In particular, we will be focusing on the Timed Efficient Stream Loss-tolerant Authentication Protocol, TESLA. This protocol differs from the standard class of authentication protocols previously analysed using model checking techniques in the following interesting way: an unbounded stream of messages is broadcast by a sender, making use of an unbounded stream of keys; the authentication of the n-th message in the stream is achieved on receipt of the n+1-th message. We show that, despite the infinite nature of the protocol, it is possible to build a finite model that correctly captures its behaviour.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Anderson R, Bergadano F, Crispo B, Lee J-H, Manifavas C, Needham R (1998) A new family of authentication protocols. Oper Sys Rev 32(4):9–20
Archer M (2002) Proving correctness of the basic TESLA multicast stream authentication protocol with TAME. In: Proc. workshop on issues in the theory of security
Broadfoot (Hopcroft) P, Lowe G, Roscoe B (2000) Automating data independence. In: Proc. 6th European symposium on research in computer security, LNCS, vol 1895. Springer, pp 175–190
Dolev D, Yao AC (1983) On the security of public-key protocols. Commun ACM 29(8):198–208, August 1983
Formal Systems (Europe) Ltd. (2000) Failures – Divergence Refinement – FDR2 User Manual. http://www.fsel.com/fdr2_manual.html
Hui ML, Lowe G (2001) Fault-preserving simplifying transformations for security protocols. J Comput Sci 9(1–2):3–46
Hoare CAR (1985) Communicating sequential processes. Prentice-Hall, Englewood Cliffs, NJ
Heather JA, Schneider SA (2002) Equal to the task? In: Proc. 7th European symposium on research in computer security, LNCS, vol 2502. Springer, Berlin Heidelberg New York, pp 162–177
Hui ML (2001) A CSP approach to the analysis of security protocols. PhD thesis, University of Leicester, Leicester, UK
Lazić R (1999) Theorems for mechanical verification of data-independent CSP. D.Phil, Oxford University, Oxford, UK
Lowe G (1996) Breaking and fixing the Needham–Schroeder public-key protocol using FDR. In: Proc. TACAS. LNCS, vol 1055. Springer, Berlin Heidelberg New York, pp 147–166. Also in: Software – concepts and tools, 1996, 17:93–102
Lowe G (1998) Casper: A compiler for the analysis of security protocols. J Comput Secur 6:53–84
Lowe G, Roscoe B (1997) Using CSP to detect errors in the TMN protocol. IEEE Trans Softw Eng 23(10):659–669
Perrig A, Canetti R, Tygar JD, Song DX (2000) Efficient authentication and signing of multicast streams over lossy channels. In: Proc. IEEE symposium on security and privacy, May 2000, pp 56–73
Roscoe AW, Goldsmith MH (1997) The perfect ‘spy’ for model-checking crypto-protocols. In: Proc. DIMACS workshop on the design and formal verification of cryptographic protocols
Roscoe AW, Broadfoot (Hopcroft) PJ (1999) Proving security protocols with model checkers by data independence techniques. J Comput Secur 7(2–3):147–190
Roscoe AW (1997) The theory and practice of concurrency. Prentice-Hall, Englewood Cliffs, NJ
Roscoe AW (1998) Proving security protocols with model checkers by data independence techniques. In: Proc. 11th IEEE Computer Security Foundations workshop, pp 84–95
Ryan P, Schneider S, Goldsmith M, Lowe G, Roscoe B (2001) Modelling and analysis of security protocols. Pearson Education , Great Britain
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Hopcroft, P., Lowe, G. Analysing a stream authentication protocol using model checking. IJIS 3, 2–13 (2004). https://doi.org/10.1007/s10207-004-0040-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-004-0040-1