SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies

Current formal approaches have been used successfully to find design flaws in many security protocols. Automatic analysis nevertheless remains hard because the protocols have large or infinite state spaces. In this paper we propose SmartVerif, a novel and general framework that pushes the limit of automation of state-of-the-art verification approaches. The primary technical contribution is the dynamic strategy inside SmartVerif, which searches for proof paths in an informed way. Unlike existing static strategies, whose design is non-trivial and error-prone, our dynamic strategy is simple and flexible: it optimizes itself for the protocol under analysis without any human intervention. With the optimized strategy, SmartVerif can locate and prove supporting lemmata, which raises the probability that verification succeeds. The insight behind the strategy is that, under a random strategy, the node representing a supporting lemma lies on an incorrect proof path with lower probability than other nodes. We therefore build the strategy around this insight using a reinforcement learning algorithm, and propose several further methods to handle other technical problems that arise in implementing SmartVerif. Experimental results show that SmartVerif automatically verifies all security protocols studied in this paper, and the case studies also validate the efficiency of the dynamic strategy.
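The insight stated above, that a genuine supporting lemma appears on failing proof paths less often than a distractor when the search strategy is random, can be made concrete with a small simulation. The following is an added example and not SmartVerif's code: the proof-search graph is a constructed toy (the node names `goal`, `lemma_A`, `lemma_B`, `guess_*` and `dead_*` are assumptions, not goals from any real protocol model), and the learning step is a plain every-visit Monte-Carlo value estimate from random rollouts, standing in for whatever reinforcement learning algorithm the paper actually uses. The learned values then order a depth-first proof search, which reaches the closed goal after expanding only the nodes on the correct path.

```python
"""Toy illustration of the SmartVerif insight: under a random proof-search
strategy, a genuine supporting lemma lies on failing proof paths less often
than a distractor, so return statistics from random rollouts can rank which
open goal to pursue next.  Constructed stand-in, not the paper's Tamarin-based
implementation."""
import random
from collections import defaultdict

# Constructed toy proof-search graph (assumption: not derived from any real
# protocol model).  A key is an open proof obligation; its value lists the
# alternative next goals the prover may try.  Leaves are names without an
# entry: "qed" means the goal is discharged, "dead_*" is a dead end.
# "lemma_A" and "lemma_B" are the supporting lemmata; the "guess_*" nodes are
# plausible-looking case splits that can never close the proof.
GRAPH = {
    "goal":    ["lemma_A", "guess_1", "guess_2", "guess_3"],
    "lemma_A": ["lemma_B", "guess_4", "guess_5"],
    "lemma_B": ["qed", "guess_6"],
    "guess_1": ["dead_1"], "guess_2": ["dead_2"], "guess_3": ["dead_3"],
    "guess_4": ["dead_4"], "guess_5": ["dead_5"], "guess_6": ["dead_6"],
}
SOLVED = "qed"


def random_rollout(rng):
    """Follow a uniformly random strategy from the root until a leaf.
    Returns (path, reward); reward is 1.0 iff the leaf closes the proof."""
    node, path = "goal", ["goal"]
    while node in GRAPH:
        node = rng.choice(GRAPH[node])
        path.append(node)
    return path, 1.0 if node == SOLVED else 0.0


def learn_values(episodes=3000, seed=0):
    """Every-visit Monte-Carlo estimate: V[n] is the running mean return of
    random rollouts that passed through n.  A low V[n] means n is on an
    incorrect proof path with high probability under the random strategy."""
    rng = random.Random(seed)
    visits, value = defaultdict(int), defaultdict(float)
    for _ in range(episodes):
        path, reward = random_rollout(rng)
        for node in path:
            visits[node] += 1
            value[node] += (reward - value[node]) / visits[node]  # incremental mean
    return dict(value)


def guided_search(value, prior=0.0):
    """Depth-first proof search that tries children in decreasing order of
    learned value.  Returns (proof_found, number_of_goals_expanded)."""
    return _dfs(lambda kids: sorted(kids, key=lambda k: -value.get(k, prior)))


def random_search(seed=1):
    """Baseline: depth-first proof search with a random child order."""
    rng = random.Random(seed)
    return _dfs(lambda kids: rng.sample(kids, len(kids)))


def _dfs(order):
    stack, expanded = ["goal"], 0
    while stack:
        node = stack.pop()
        if node == SOLVED:
            return True, expanded
        if node not in GRAPH:
            continue  # dead end: backtrack
        expanded += 1
        # push in reverse so the preferred child is popped first
        for child in reversed(order(GRAPH[node])):
            stack.append(child)
    return False, expanded


if __name__ == "__main__":
    V = learn_values()
    for n in ("lemma_A", "guess_1", "lemma_B", "guess_4"):
        print(f"{n:8s} V={V[n]:.3f}")
    print("guided search:", guided_search(V))
    print("random search:", random_search())
```

Every rollout through a `guess_*` node ends at a dead end, so its estimated value stays exactly 0, while `lemma_A` and `lemma_B` accumulate positive returns from the rollouts that happen to close the proof; the guided search therefore expands `goal`, `lemma_A` and `lemma_B` and nothing else. The random-order search also terminates, because the toy graph is finite, but may expand every distractor first. Real proof search in a tool such as Tamarin is unbounded, which is exactly why the choice of node matters there.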
