Timed model checking of security protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol. Timing information allows us to study of different attack scenarios. We illustrate the attacks by model checking the protocol using Uppaal. We also present new challenges and threats that arise when considering time.

[1]  Sandro Etalle,et al.  Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols , 2001, LOPSTR.

[2]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[3]  Sandro Etalle,et al.  An Improved Constraint-Based System for the Verification of Security Protocols , 2002, SAS.

[4]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[5]  Enrico Tronci,et al.  Formal Models of Timing Attacks on Web Privacy , 2002, TOSCA.

[6]  Lawrence C. Paulson,et al.  Kerberos Version 4: Inductive Analysis of the Secrecy Goals , 1998, ESORICS.

[7]  David L. Mills Cryptographic Authentication for Real-Time Network Protocols 1,2 , 1997 .

[8]  Neil Evans,et al.  Analysing Time Dependent Security Properties in CSP Using PVS , 2000, ESORICS.

[9]  Roberto Gorrieri,et al.  A Simple Language for Real-Time Cryptographic Protocol Analysis , 2003, ESOP.

[10]  Martín Abadi,et al.  Hiding Names: Private Authentication in the Applied Pi Calculus , 2002, ISSS.

[11]  Joost-Pieter Katoen,et al.  MoDeST - A Modelling and Description Language for Stochastic Timed Systems , 2001, PAPM-PROBMIV.

[12]  Leslie Lamport,et al.  Using Time Instead of Timeout for Fault-Tolerant Distributed Systems. , 1984, TOPL.

[13]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[14]  Wang Yi,et al.  UPPAAL - Now, Next, and Future , 2000, MOVEP.

[15]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[16]  Paul Syverson,et al.  A Taxonomy of Replay Attacks , 1994 .

[17]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[18]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[19]  Steven M. Bellovin,et al.  Limitations of the Kerberos authentication system , 1990, CCRV.

[20]  Giorgio Delzanno,et al.  Automatic Verification of Time Sensitive Cryptographic Protocols , 2004, TACAS.

[21]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[22]  David L. Mills Cryptographic authentication for real-time network protocols , 1997, Networks in Distributed Computing.

[23]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[24]  Marta Z. Kwiatkowska,et al.  Probabilistic symbolic model checking with PRISM: a hybrid approach , 2004, International Journal on Software Tools for Technology Transfer.