CVS: a compiler for the analysis of cryptographic protocols

The Security Process Algebra (SPA) is a CCS-like specification language in which actions belong to two different levels of confidentiality. It has been used to define several non-interference-like security properties, whose verification has been automated by the tool CoSeC. In recent years, a method for analyzing security protocols using SPA and CoSeC has been developed. Although useful for analyzing small security protocols, this method has proved error-prone, as it requires both the protocol and the environment in which it will execute to be described by hand. This problem has been solved by defining VSP, a protocol specification language more abstract than SPA, and a compiler, CVS, that automatically generates the SPA specification for a given protocol described in VSP. The VSP/CVS technology is very powerful, and its usefulness is shown with a case study of the Woo-Lam one-way authentication protocol, for which an attack undocumented in the literature is found.
