A Team Automaton Scenario for the Analysis of Security Properties of Communication Protocols

Formal methods are a popular means to specify and verify security properties of a variety of communication protocols. In this article we take a step towards the use of team automata for the analysis of security aspects in such protocols. To this aim, we define an insecure communication scenario for team automata that is general enough to encompass various communication protocols. We then reformulate the Generalized Non-Deducibility on Compositions schema -originally introduced in the context of process algebrae -in terms of team automata. Based on the resulting team automata framework, we subsequently develop two analysis strategies that can be used to verify security properties of communication protocols. Indeed, the paper concludes with two case studies in which we show how our framework can be used to prove integrity and secrecy in two different settings: We show how integrity is guaranteed in a team automaton model of a particular instance of the Efficient Multi-chained Stream Signature protocol, a communication protocol for signing digital streams that provides some robustness against packet loss, and we show how secrecy is preserved when a member of a multicast group leaves the group in a particular run of the complementary variable approach to the N-Root/Leaf pairwise keys protocol.

[1]  Maurice H. ter Beek,et al.  Team Automata: A Formal Approach to the Modeling of Collaboration Between System Components , 2003 .

[2]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[3]  Roberto Gorrieri,et al.  Classification of Security Properties - Part II: Network Security , 2002, FOSAD.

[4]  Maurice H. ter Beek,et al.  Team Automata Satisfying Compositionality , 2003, FME.

[5]  Jetty Kleijn,et al.  Team Automata for CSCW - A Survey , 2003, Petri Net Technology for Communication-Based Systems.

[6]  Roberto Gorrieri,et al.  Non Interference for the Analysis of Cryptographic Protocols , 2000, ICALP.

[7]  Gabriele Lenzini,et al.  Team Automata for Security: - A Survey - , 2005, SecCo.

[8]  Grzegorz Rozenberg,et al.  Team automata for spatial access control , 2001, ECSCW.

[9]  Roberto Gorrieri,et al.  The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties , 1997, IEEE Trans. Software Eng..

[10]  Andrea Maggiolo-Schettini,et al.  Weak bisimulation for probabilistic timed automata and applications to security , 2003, First International Conference onSoftware Engineering and Formal Methods, 2003.Proceedings..

[11]  Volkmar Lotz,et al.  Formal Security Analysis with Interacting State Machines , 2002, ESORICS.

[12]  Grzegorz Rozenberg,et al.  Synchronizations in Team Automata for Groupware Systems , 2003, Computer Supported Cooperative Work (CSCW).

[13]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[14]  Roberto Gorrieri,et al.  Compositional verification of integrity for digital stream signature protocols , 2003, Third International Conference on Application of Concurrency to System Design, 2003. Proceedings..

[15]  Clarence A. Ellis Team automata for groupware systems , 1997, GROUP '97.

[16]  Gabriele Lenzini,et al.  Team Automata for Security Analysis of Multicast/Broadcast Communication , 2003 .

[17]  Hartmut Ehrig Petri Net Technology for communication-based systems : advances in Petri Nets , 2003 .

[18]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[19]  Gabriele Lenzini,et al.  Team Automata for Security Analysis , 2004 .

[20]  Nancy A. Lynch,et al.  I/O automaton models and proofs for shared-key communication systems , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[21]  Somesh Jha,et al.  Verifying security protocols with Brutus , 2000, TSEM.

[22]  Marinella Petrocchi,et al.  Modelling a Secure Agent with Team Automata , 2006, Electron. Notes Theor. Comput. Sci..

[23]  Roberto Gorrieri,et al.  A simple framework for real-time cryptographic protocol analysis with compositional proof rules , 2004, Sci. Comput. Program..

[24]  Gabriele Lenzini,et al.  Integration of Analysis Techniques in Security and Fault-Tolerance , 2005 .

[25]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[26]  Roberto Gorrieri,et al.  Secrecy in Security Protocols as Non Interference , 1999, Workshop on Secure Architectures and Information Flow.

[27]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[28]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[29]  David von Oheimb Interacting State Machines: A Stateful Approach to Proving Security , 2002, FASec.

[30]  Fabio Martinelli,et al.  Compositional Verification of Secure Streamed Data: A Case Study with EMSS , 2003, ICTCS.

[31]  Andrea Maggiolo-Schettini,et al.  Information Flow Analysis for Probabilistic Timed Automata , 2004, Formal Aspects in Security and Trust.

[32]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[33]  Roberto Gorrieri,et al.  A Classification of Security Properties , 1993 .

[34]  Nancy A. Lynch,et al.  An introduction to input/output automata , 1989 .

[35]  Maurice H. ter Beek,et al.  Modularity for teams of I/O automata , 2005, Inf. Process. Lett..

[36]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[37]  R.,et al.  A Classiication of Security Properties for Process Algebras a Classification of Security Properties for Process Algebras 1 , 2007 .

[38]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[39]  Andrea Maggiolo-Schettini,et al.  Decidability results for parametric probabilistic transition systems with an application to security , 2004, Proceedings of the Second International Conference on Software Engineering and Formal Methods, 2004. SEFM 2004..

[40]  Roberto Gorrieri,et al.  Classification of Security Properties (Part I: Information Flow) , 2000, FOSAD.

[41]  Carsten Rudolph,et al.  Role based specification and security analysis of cryptographic protocols using asynchronous product automata , 2002, Proceedings. 13th International Workshop on Database and Expert Systems Applications.

[42]  Fabio Martinelli,et al.  A Uniform Approach for the Definition of Security Properties , 1999, World Congress on Formal Methods.

[43]  Joe Kilian,et al.  One-Round Secure Computation and Secure Autonomous Mobile Agents , 2000, ICALP.

[44]  Diego Latella,et al.  Spider: a Security Model Checker , 2003 .