Abstractions for Security Protocol Verification

We present a large class of security protocol abstractions with the aim of improving the scope and efficiency of verification tools. We propose typed abstractions, which transform a term's structure based on its type, and untyped abstractions, which remove atomic messages, variables, and redundant terms. Our theory improves on previous work by supporting a useful subclass of shallow subterm-convergent rewrite theories, user-defined types, and untyped variables to cover type flaw attacks. We prove soundness results for an expressive property language that includes secrecy and authentication. Applying our abstractions to realistic IETF protocol models, we achieve dramatic speedups and extend the scope of several modern security protocol analyzers.
