Formal specification and analysis of the Group Domain Of Interpretation Protocol using NPATRL and the NRL Protocol Analyzer

Although research has been going on in the formal analysis of cryptographic protocols for a number of years, formal analysis techniques are only slowly being integrated into the protocol design process. In this paper we describe how we furthered the integration of analysis and design by working closely with the Multicast Security Working Group in the Internet Engineering Task Force on the analysis of a proposed Internet Standard, the Group Domain Of Interpretation (GDOI) Protocol. We describe the challenges that had to be met before the analysis could be successfully completed, and some of the challenges that still remain. Perhaps not surprisingly, some of the most challenging work was in understanding the security requirements for group protocols in general. We give a detailed specification of the requirements for GDOI, describe our formal analysis of the protocol with respect to these requirements, and show how our analysis impacted the development of GDOI.
