Formal verification of security protocols using Spin

Security protocols are key to ensuring network security. Many methods have been developed to analyze the security properties of security protocols, such as BAN logic, theorem proving and model checking. This paper uses model checking to formally verify security protocols because of its high degree of automation, brevity and effectiveness. The model checker Spin, with its sound algorithm design, has strong checking capabilities and good support for LTL. This paper studies the use of Spin on security protocols and proposes a more effective intruder model to formally verify the security properties of security protocols, such as authentication. The method greatly reduces the number of model states and effectively avoids state space explosion. The NSPK and DS protocols are used as examples, and good experimental results are shown.
