SeVe: automatic tool for verification of security protocols

Security protocols play more and more important roles with wide use in many applications nowadays. Currently, there are many tools for specifying and verifying security protocols such as Casper/FDR, ProVerif, or AVISPA. In these tools, the intruder’s ability, which either needs to be specified explicitly or set by default, is not flexible in some circumstances. Moreover, whereas most of the existing tools focus on secrecy and authentication properties, few supports privacy properties like anonymity, receipt freeness, and coercion resistance, which are crucial in many applications such as in electronic voting systems or anonymous online transactions.In this paper, we introduce a framework for specifying security protocols in the labeled transition system (LTS) semantics model, which embeds the knowledge of the participants and parameterizes the ability of an attacker. Using this model, we give the formal definitions for three types of privacy properties based on trace equivalence and knowledge reasoning. The formal definitions for some other security properties, such as secrecy and authentication, are introduced under this framework, and the verification algorithms are also given. The results of this paper are embodied in the implementation of a SeVe module in a process analysis toolkit (PAT) model checker, which supports specifying, simulating, and verifying security protocols. The experimental results show that a SeVe module is capable of verifying many types of security protocols and complements the state-of-the-art security verifiers in several aspects. Moreover, it also proves the ability in building an automatic verifier for security protocols related to privacy type, which are mostly verified by hand now.

[1]  Jin Song Dong,et al.  An Object Semantic Model of SOFL , 1999, IFM.

[2]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[3]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[4]  Joseph Y. Halpern,et al.  Anonymity and information hiding in multiagent systems , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[5]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[6]  Yanhong A. Liu,et al.  Model Checking Linearizability via Refinement , 2009, FM.

[7]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[8]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[9]  Tatsuaki Okamoto,et al.  An electronic voting scheme , 1996, IFIP World Conference on IT Tools.

[10]  Martín Abadi,et al.  Computer-Assisted Verification of a Protocol for Certified Email , 2003, SAS.

[11]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[12]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[13]  Jun Sun,et al.  PAT: Towards Flexible Verification under Fairness , 2009, CAV.

[14]  Erik P. de Vink,et al.  Formalising Receipt-Freeness , 2006, ISC.

[15]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[16]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[17]  Dieter Gollmann,et al.  A fair non-repudiation protocol , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[18]  Mark Ryan,et al.  Verifying privacy-type properties of electronic voting protocols , 2009, J. Comput. Secur..

[19]  Jun Sun,et al.  Specifying and Verifying Event-Based Fairness Enhanced Systems , 2008, ICFEM.

[20]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[21]  Frédéric Cuppens,et al.  Proceedings of the 6th European Symposium on Research in Computer Security , 1994 .

[22]  Michael Backes,et al.  Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[23]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.

[24]  Jin Song Dong,et al.  Blending Object-Z and Timed CSP: an introduction to TCOZ , 1998, Proceedings of the 20th International Conference on Software Engineering.

[25]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[26]  Mathieu Turuani,et al.  The CL-Atse Protocol Analyser , 2006, RTA.

[27]  Peter Y. A. Ryan,et al.  The modelling and analysis of security protocols: the csp approach , 2000 .

[28]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[29]  Erik P. de Vink,et al.  A Formalization of Anonymity and Onion Routing , 2004, ESORICS.

[30]  Steve A. Schneider Verifying Authentication Protocols in CSP , 1998, IEEE Trans. Software Eng..

[31]  R. Jalili,et al.  Using CSP to model and analyze Transmission Control Protocol vulnerabilities within the broadcast network , 2004, 2004 International Networking and Communication Conference.

[32]  Jun Pang,et al.  Analysis of a Receipt-Free Auction Protocol in the Applied Pi Calculus , 2010, Formal Aspects in Security and Trust.

[33]  Andrew William Roscoe,et al.  Model-checking CSP , 1994 .

[34]  Jin Song Dong,et al.  Timed Communicating Object Z , 2000, IEEE Trans. Software Eng..

[35]  Steve A. Schneider,et al.  Verifying Security Protocols: An Application of CSP , 2004, 25 Years Communicating Sequential Processes.

[36]  Martín Abadi,et al.  Hiding Names: Private Authentication in the Applied Pi Calculus , 2002, ISSS.

[37]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..

[38]  Shaoying Liu SOFL: a formal engineering methodology for industrial applications , 1997, Proceedings of ISRE '97: 3rd IEEE International Symposium on Requirements Engineering.

[39]  Sebastian Mödersheim,et al.  An On-the-Fly Model-Checker for Security Protocol Analysis , 2003, ESORICS.

[40]  Jun Pang,et al.  How to Work with Honest but Curious Judges? (Preliminary Report) , 2009, SECCO.

[41]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[42]  Byoungcheon Lee,et al.  Providing Receipt-Freeness in Mixnet-Based Voting Protocols , 2003, ICISC.

[43]  Lawrence C. Paulson,et al.  Kerberos Version 4: Inductive Analysis of the Secrecy Goals , 1998, ESORICS.