Automatic verification of protocols with lists of unbounded length

We present a novel automatic technique for proving secrecy and authentication properties for security protocols that manipulate lists of unbounded length, for an unbounded number of sessions. This result is achieved by extending the Horn clause approach of the automatic protocol verifier ProVerif. We extend the Horn clauses to be able to represent lists of unbounded length. We adapt the resolution algorithm to handle the new class of Horn clauses, and prove the soundness of this new algorithm. We have implemented our algorithm and successfully tested it on several protocol examples, including XML protocols coming from web services.

[1]  Michaël Rusinowitch,et al.  Decidable Analysis for a Class of Cryptographic Group Protocols with Unbounded Lists , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[2]  Mathieu Turuani,et al.  Constraints-based Verification of Parameterized Cryptographic Protocols. , 2008 .

[3]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..

[4]  Steve A. Schneider,et al.  Recursive Authentication Protocol , 2009 .

[5]  Lawrence C. Paulson,et al.  Mechanized proofs for a recursive authentication protocol , 1997, Proceedings 10th Computer Security Foundations Workshop.

[6]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[7]  Andrew D. Gordon,et al.  TulaFale: A Security Tool for Web Services , 2003, FMCO.

[8]  Andrew D. Gordon,et al.  A semantics for web services authentication , 2004, Theor. Comput. Sci..

[9]  Michael McIntosh,et al.  XML signature element wrapping attacks and countermeasures , 2005, SWS '05.

[10]  Ullrich Hustadt,et al.  A New Clausal Class Decidable by Hyperresolution , 2002, CADE.

[11]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[12]  Gavin Lowe,et al.  A Hierarchy of Authentication Speci fi cations , 2008 .

[13]  Ralf Küsters,et al.  On the Automatic Analysis of Recursive Security Protocols with XOR , 2007, STACS.

[14]  Bruno Blanchet,et al.  Verification of security protocols with lists: From length one to unbounded length , 2012, J. Comput. Secur..

[15]  Tomasz Truderung Selecting Theories and Recursive Protocols , 2005, CONCUR.

[16]  Bill Roscoe,et al.  Web Services Security: a preliminary study using Casper and FDR , 2004 .

[17]  A. W. Roscoe,et al.  On the Relationship Between Web Services Security and Traditional Protocols , 2005, MFPS.

[18]  Allen Brown SOAP Security Extensions: Digital Signature , 2001 .

[19]  Bruno Blanchet,et al.  Using Horn Clauses for Analyzing Security Protocols , 2011, Formal Models and Techniques for Analyzing Security Protocols.

[20]  Harald Ganzinger,et al.  Resolution Theorem Proving , 2001, Handbook of Automated Reasoning.

[21]  N. Asokan,et al.  Key agreement in ad hoc networks , 2000, Comput. Commun..

[22]  Sebastian Mödersheim,et al.  Symbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario , 2006, IACR Cryptol. ePrint Arch..