DOI: 10.1145/1455770.1455787
research-article

Unbounded verification, falsification, and characterization of security protocols by pattern refinement

Published: 27 October 2008

Abstract

We present a new verification algorithm for security protocols that allows for unbounded verification, falsification, and complete characterization. The algorithm provides a number of novel features, including: (1) Guaranteed termination, after which the result is either unbounded correctness, falsification, or bounded correctness. (2) Efficient generation of a finite representation of an infinite set of traces in terms of patterns, also known as a complete characterization. (3) State-of-the-art performance, which has made new types of protocol analysis feasible, such as multi-protocol analysis.

    CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
    October 2008
    590 pages
    ISBN:9781595938107
    DOI:10.1145/1455770
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. characterization
    2. falsification
    3. security protocol analysis
    4. unbounded verification

    Qualifiers

    • Research-article

    Conference

    CCS08

    Acceptance Rates

    CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Cited By

    • (2024) Advancing Security Protocol Verification: A Comparative Study of Scyther, Tamarin. Journal of Technical Education Science 19:1 (43-53). DOI: 10.54644/jte.2024.1523. Online publication date: 28-Feb-2024
    • (2023) FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol. IEEE Transactions on Dependable and Secure Computing 20:5 (4291-4310). DOI: 10.1109/TDSC.2022.3217259. Online publication date: 1-Sep-2023
    • (2022) A Formal Analysis of the FIDO2 Protocols. Computer Security – ESORICS 2022 (3-21). DOI: 10.1007/978-3-031-17143-7_1. Online publication date: 26-Sep-2022
    • (2021) ESSM. Security and Communication Networks 2021. DOI: 10.1155/2021/8273172. Online publication date: 7-Dec-2021
    • (2021) Practical and Scalable Security Verification of Secure Architectures. Proceedings of the 10th International Workshop on Hardware and Architectural Support for Security and Privacy (1-9). DOI: 10.1145/3505253.3505256. Online publication date: 18-Oct-2021
    • (2019) A Lightweight Secure Communication Protocol for IoT Devices Using Physically Unclonable Function. Security, Privacy, and Anonymity in Computation, Communication, and Storage (26-35). DOI: 10.1007/978-3-030-24907-6_3. Online publication date: 11-Jul-2019
    • (2018) Formal Analysis of Combinations of Secure Protocols. Foundations and Practice of Security (53-67). DOI: 10.1007/978-3-319-75650-9_4. Online publication date: 17-Feb-2018
    • (2017) The Applied Pi Calculus. Journal of the ACM 65:1 (1-41). DOI: 10.1145/3127586. Online publication date: 26-Oct-2017
    • (2017) Security in Automotive Networks. ACM Transactions on Design Automation of Electronic Systems 22:2 (1-27). DOI: 10.1145/2960407. Online publication date: 13-Mar-2017
    • (2017) Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols. 2017 IEEE 30th Computer Security Foundations Symposium (CSF) (68-82). DOI: 10.1109/CSF.2017.7. Online publication date: Aug-2017
