Partial Order Reduction for Branching Security Protocols

Two extensions of the partial order reduction algorithm of Clarke, Jha and Marrero are presented. The proposed algorithms are suitable for branching security protocols, e.g. optimistic fair contract signing schemes. The first extension is proved to generate a reduced state space which is branching bisimilar to the full state space, while the second extension generates a state space that is trace equivalent to the full state space. Experimental results using an implementation of the algorithms in the toolset of the µCRL process algebra are reported.

[1]  Jianying Zhou,et al.  An intensive survey of fair non-repudiation protocols , 2002, Comput. Commun..

[2]  Jan Friso Groote,et al.  The Syntax and Semantics of μCRL , 1995 .

[3]  Muhammad Torabi Dashti,et al.  Nuovo DRM Paradiso: Designing a Secure, Verified, Fair Exchange DRM Scheme , 2008, Fundam. Informaticae.

[4]  Nadarajah Asokan,et al.  Fairness in electronic commerce , 1998, Research report / RZ / IBM / IBM Research Division / Zürich Research Laboratory.

[5]  Stephan Merz,et al.  Model Checking , 2000 .

[6]  Somesh Jha,et al.  Partial Order Reductions for Security Protocol Verification , 2000, TACAS.

[7]  Sebastian Mödersheim,et al.  Constraint differentiation: A new reduction technique for constraint-based analysis of security protocols , 2003 .

[8]  Somesh Jha,et al.  Verifying security protocols with Brutus , 2000, TSEM.

[9]  Somesh Jha,et al.  Efficient verification of security protocols using partial-order reductions , 2003, International Journal on Software Tools for Technology Transfer.

[10]  Doron A. Peled,et al.  All from One, One for All: on Model Checking Using Representatives , 1993, CAV.

[11]  Muhammad Torabi Dashti,et al.  On the Quest for Impartiality: Design and Analysis of a Fair Non-repudiation Protocol , 2005, ICICS.

[12]  Cas J. F. Cremers,et al.  Checking Secrecy by Means of Partial Order Reduction , 2004, SAM.

[13]  Jean-François Raskin,et al.  A game-based verification of non-repudiation and fair exchange protocols , 2003 .

[14]  Muhammad Torabi Dashti,et al.  Distributed Partial Order Reduction for Security Protocols , 2008, PDMC@CAV.

[15]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[16]  Kim G. Larsen,et al.  To Store or Not to Store , 2003, CAV.

[17]  Vitaly Shmatikov,et al.  Efficient finite-state analysis for large security protocols , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[18]  Michael R. Clarkson,et al.  Hyperproperties , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[19]  Doron A. Peled,et al.  Ten Years of Partial Order Reduction , 1998, CAV.

[20]  Rocco De Nicola,et al.  Three logics for branching bisimulation , 1995, JACM.

[21]  Michael Weber,et al.  "To Store or Not To Store" Reloaded: Reclaiming Memory on Demand , 2006, FMICS/PDMC.

[22]  David A. Basin Lazy Infinite-State Analysis of Security Protocols , 1999, CQRE.

[23]  R. V. Glabbeek The Linear Time - Branching Time Spectrum II: The Semantics of Sequential Systems with Silent Moves , 1993 .

[24]  Jianying Zhou,et al.  An Intensive Survey of Non-Repudiation Protocols , 2002 .

[25]  Jean-François Raskin,et al.  A Game-based Verification of Non-repudiation and Fair Exchange Protocols , 2001, J. Comput. Secur..

[26]  Ralf Küsters,et al.  Constraint Solving for Contract-Signing Protocols , 2005, CONCUR.

[27]  Simona Orzan,et al.  A Framework for Automatically Checking Anonymity with mu CRL , 2006, TGC.

[28]  Simona Orzan,et al.  Distributed Analysis with mu CRL: A Compendium of Case Studies , 2007, TACAS.

[29]  Wojciech Penczek,et al.  A partial order approach to branching time logic model checking , 1995, Proceedings Third Israel Symposium on the Theory of Computing and Systems.

[30]  Doron A. Peled Partial order reduction: Linear and branching temporal logics and process algebras , 1996, Partial Order Methods in Verification.

[31]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[32]  Thomas A. Henzinger,et al.  Alternating-time temporal logic , 1999 .

[33]  Joshua D. Guttman,et al.  Strand Spaces: Proving Security Protocols Correct , 1999, J. Comput. Secur..

[34]  Jan Friso Groote,et al.  The Syntax and Semantics of mCRL , 1994 .

[35]  Rob J. van Glabbeek,et al.  Branching time and abstraction in bisimulation semantics , 1996, JACM.

[36]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[37]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[38]  Vitaly Shmatikov,et al.  Constraint solving for bounded-process cryptographic protocol analysis , 2001, CCS '01.

[39]  Muhammad Torabi Dashti,et al.  An intruder model for verifying liveness in security protocols , 2006, FMSE '06.

[40]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[41]  Annapaola Marconi,et al.  Automated Composition of Web Services by Planning at the Knowledge Level , 2005, IJCAI.

[42]  Rob J. van Glabbeek,et al.  The Linear Time - Branching Time Spectrum II , 1993, CONCUR.

[43]  Jan Friso Groote,et al.  µCRL: A Toolset for Analysing Algebraic Specifications , 2001, CAV.

[44]  Hugo Jonker,et al.  Nuovo DRM Paradiso : formal specification and verification of a DRM protocol , 2006 .

[45]  Piergiorgio Bertoli,et al.  Automated composition of Web services via planning in asynchronous domains , 2005, Artif. Intell..

[46]  Sebastian Mödersheim,et al.  CDiff: a new reduction technique for constraint-based analysis of security protocols , 2003, CCS '03.

[47]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Inf. Control..

[48]  Gerard J. Holzmann,et al.  Partial Order Methods in Verification , 1997 .