Automated Analysis of Cryptographic Protocols Using Mur '

A methodology is presented for using a general-purpose state enumeration tool, Mur', to analyze cryptographic and security-related protocols. We illustrate the feasibility of the approach by analyzing the Needham-Schroeder protocol, nding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study. The eeciency of Mur' allows us to examine multiple runs of relatively short protocols , giving us the ability to detect replay attacks, or errors resulting from confusion between independent execution of a protocol by independent parties.

[1]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[2]  Natsume Matsuzaki,et al.  Key Distribution Protocol for Digital Mobile Communication Systems , 1989, CRYPTO.

[3]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[4]  John T. Kohl,et al.  The Evolution of the Kerberos Authentication Service , 1992 .

[5]  Alan J. Hu,et al.  Protocol verification as a hardware design aid , 1992, Proceedings 1992 IEEE International Conference on Computer Design: VLSI in Computers & Processors.

[6]  David L. Dill,et al.  Formal specification of abstract memory models , 1993 .

[7]  A. W. Roscoe Modelling and verifying key-exchange protocols using CSP and FDR , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[8]  David L. Dill,et al.  Automatic verification of the SCI cache coherence protocol , 1995, CHARME.

[9]  David Gao,et al.  System design methodology of ultraSPARC-I , 1995, DAC '95.

[10]  David L. Dill,et al.  State reduction using reversible rules , 1996, DAC '96.

[11]  L. C.NorrisIpDavid,et al.  Better Veri cation Through Symmetry , 1996 .

[12]  Catherine A. Meadows,et al.  Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches , 1996, ESORICS.

[13]  Steve A. Schneider Security properties and CSP , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[14]  G. Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol using CSP and FDR , 1996 .

[15]  Parallelizing the Mur' Veriier , 1997 .

[16]  David L. Dill,et al.  Verifying Systems with Replicated Components in Murϕ , 1999, Formal Methods Syst. Des..