
The principle of guarantee availability for security protocol analysis

  • Regular Contribution
International Journal of Information Security

Abstract

Conformity to prudent design principles is an established approach to protocol correctness, although it is not free of limitations. We term goal availability a design principle that is often implicitly followed, prescribing that protocols aim at principal-centric goals. Adherence to a design principle is normally established through protocol analysis, that is, an evaluation of whether a protocol achieves its goals. However, the literature offers no clear guidance on how to conduct and interpret such an analysis, a process that is left entirely to the analyzer’s skill and experience. Goal availability has the desirable feature that its supporting protocol analysis can be precisely guided by what becomes a principle of realistic analysis, which we call guarantee availability. It prescribes that the outcome of the analysis, namely the set of guarantees confirming the protocol goals, be practically applicable by the protocol participants. In consequence, the guarantees must rest on assumptions that the principals have the capacity to verify. Our focus then turns entirely to protocol analysis, because an analysis conforming to guarantee availability signifies that the analyzed protocol conforms to goal availability. Existing analyses of (both classical and deployed) protocols have been reconsidered with the aim of studying their conformity to guarantee availability. Some experiments clarify the relationships between goal availability and the existing design principles, with particular reference to explicitness. Other experiments demonstrate that boosting an analysis with guarantee availability generally makes it deeper, unveiling additional protocol niceties that, depending on the analyzer’s skills, may otherwise remain overlooked. In particular, an established claim about a protocol (made using a well-known formal method) can be subverted.
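The criterion the abstract states, that a guarantee is only useful to a principal if that principal can check every assumption it rests on, can be made mechanical. The following is an added illustrative model, not the paper's formal definitions or code: assumptions are written in the style of inductive-method theorems (e.g. "Alice not in bad", "Says Server Alice …"), each tagged with the principal whose state it concerns, and a constructed Kerberos-style scenario shows one guarantee that Alice cannot apply and one that she can.

```python
from dataclasses import dataclass, field

# Illustrative model only (not the paper's formal definitions): a guarantee
# is a conclusion that holds whenever its tagged assumptions hold.
@dataclass(frozen=True)
class Assumption:
    text: str   # inductive-method style, e.g. "Alice not in bad"
    about: str  # principal whose state the assumption is about

@dataclass
class Guarantee:
    conclusion: str
    assumptions: list

@dataclass
class Principal:
    name: str
    # events this principal itself performed or observed (sent/received)
    events: set = field(default_factory=set)

    def can_verify(self, a: Assumption) -> bool:
        """Own honesty and own events are checkable; a peer's honesty or a
        peer's events (e.g. what the server actually sent) are not."""
        if a.about != self.name:
            return False
        return a.text == f"{self.name} not in bad" or a.text in self.events

def unverifiable(g: Guarantee, p: Principal) -> list:
    """Assumptions of g that p cannot check; empty means g is available to p."""
    return [a.text for a in g.assumptions if not p.can_verify(a)]

def is_available(g: Guarantee, p: Principal) -> bool:
    return not unverifiable(g, p)

# Constructed Kerberos-style scenario: Alice has received a reply carrying
# a session key Kab and a ticket for Bob.
alice = Principal("Alice", {"Gets Alice {Kab, Bob, Ticket}"})

# Guarantee stated in terms of the server's sending event and Bob's honesty.
classical = Guarantee(
    "Kab is known only to Alice, Bob and the server",
    [Assumption("Alice not in bad", "Alice"),
     Assumption("Bob not in bad", "Bob"),
     Assumption("Says Server Alice {Kab, Bob, Ticket}", "Server")])

# Same scenario, assumptions rest only on what Alice herself has observed.
available = Guarantee(
    "the reply Alice received was issued by the server for Alice and Bob",
    [Assumption("Alice not in bad", "Alice"),
     Assumption("Gets Alice {Kab, Bob, Ticket}", "Alice")])
```

Running `unverifiable(classical, alice)` lists Bob's honesty and the server's sending event, which is exactly the part of the classical guarantee Alice has no means to check; `available` passes for Alice but not for a principal with a different local view.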




Corresponding author

Correspondence to Giampaolo Bella.


Cite this article

Bella, G. The principle of guarantee availability for security protocol analysis. Int. J. Inf. Secur. 9, 83–97 (2010). https://doi.org/10.1007/s10207-009-0097-y
