Analyzing a Library of Security Protocols using Casper and FDR

In this paper we describe the analysis of a library of fifty security protocols using FDR, a model checker for the process algebra CSP, and Casper, a compiler that produces the CSP descriptions from a more concise description. We succeed in finding nearly all of the attacks previously reported upon these protocols; in addition, we identify several new attacks.

[1]  Martín Abadi,et al.  Prudent engineering practice for cryptographic protocols , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[3]  Gavin Lowe Casper: a compiler for the analysis of security protocols , 1998 .

[4]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[5]  Tzonelih Hwang,et al.  Two Attacks on Neuman-Stubblebine Authentication Protocols , 1995, Inf. Process. Lett..

[6]  A. W. Roscoe,et al.  Using CSP to Detect Errors in the TMN Protocol , 1997, IEEE Trans. Software Eng..

[7]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[8]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[9]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[10]  Stephen H. Brackin Evaluating and improving protocol analysis by automatic proof , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[11]  Joshua D. Guttman,et al.  Honest ideals on strand spaces , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).