Verification of Authentication Protocols for Epistemic Goals via SAT Compilation

  • Regular Paper
  • Journal of Computer Science and Technology

Abstract

This paper introduces a new methodology that uses knowledge structures, a specific form of Kripke semantics for epistemic logic, to analyze communication protocols over hostile networks. The paper focuses in particular on the automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on difficult-to-establish justifications. The proposed methodology differs from many previous approaches to automatic verification of security protocols in that it is justification-oriented rather than falsification-oriented (i.e., aimed at finding bugs in a protocol). The main idea rests on the following observations: separating a principal executing a run of the protocol from the role in the protocol, and inferring a principal’s knowledge from the principal’s local observations. We show analytically and empirically that this model can be easily reduced to the Satisfiability (SAT) problem and efficiently implemented with a modern SAT solver.

Author information

Corresponding author

Correspondence to Qing-Liang Chen.

Additional information

This work is supported by the National Grand Fundamental Research 973 Program of China under Grant No 2005CB321902, the National Natural Science Foundation of China under Grant Nos. 60496327, 10410638 and 60473004, German Research Foundation under Grant No. 446 CHV113/240/0-1, Guangdong Provincial Natural Science Foundation under Grant No. 04205407, and KAISI Fund in Sun Yat-Sen University.

Kai-Le Su is a professor in Dept. Computer Science, and director of Formal Verification and Multi-Agent System Lab in Sun Yat-Sen University, Guangzhou. Dr. Su got his Ph.D. degree in mathematics from Nanjing University in 1995. His research interests are mathematical logic and its applications to artificial intelligence, especially in model checking multi-agent systems, knowledge representation and reasoning, logic programming and symbolic algorithms.

Qing-Liang Chen got his Bachelor’s degree from Sun Yat-Sen University in 2002. He is currently a Ph.D. candidate in Dept. Computer Science, Sun Yat-Sen University. His research interests include theoretic and algorithmic issues in formal verification and automated reasoning.

Abdul Sattar is a professor in the School of Computing and Information Technology at the Nathan campus of Griffith University, Brisbane, Australia, and director of the Institute for Integrated and Intelligent Systems. He got his Ph.D. degree from Univ. Alberta, Canada in 1992. His research interests include knowledge representation, hypothetical reasoning, default logics, belief revision and logic programming. He is a member of the American Association for Artificial Intelligence (AAAI) and of the Association for Computing Machinery (ACM).

Wei-Ya Yue got his Bachelor’s degree from Sun Yat-Sen University in 2004. He is currently a Master candidate in Department of Computer Science, Sun Yat-Sen University. His research interests include automated reasoning by symbolic algorithms.

Guan-Feng Lv was born in 1973, and got his Ph.D. degree from Department of Computer Science in Sun Yat-Sen University in 2005. He is now an assistant professor in College of Computer Science and Technology, Beijing University of Technology. His research interests include intelligent algorithms and systems.

Xi-Zhong Zheng is currently a Privat.Docent in Department of Computer Science, Brandenburg University of Technology Cottbus (BTU Cottbus), Cottbus, Germany. He got his Ph.D. degree in mathematics from Nanjing University in China in 1987 and Ph.D. degree in computer science from FernUniversitaet Hagen in Germany in 1998. His research interests include mathematical logic and its application to theoretical computer science, especially in structural complexity, computability and complexity in analysis.

Cite this article

Su, KL., Chen, QL., Sattar, A. et al. Verification of Authentication Protocols for Epistemic Goals via SAT Compilation. J Comput Sci Technol 21, 932–943 (2006). https://doi.org/10.1007/s11390-006-0932-9
