Unbounded verification, falsification, and characterization of security protocols by pattern refinement

We present a new verification algorithm for security protocols that allows for unbounded verification, falsification, and complete characterization. The algorithm provides a number of novel features, including: (1) Guaranteed termination, after which the result is either unbounded correctness, falsification, or bounded correctness. (2) Efficient generation of a finite representation of an infinite set of traces in terms of patterns, also known as a complete characterization. (3) State-of-the-art performance, which has made new types of protocol analysis feasible, such as multi-protocol analysis.
