Using state space exploration and a natural deduction style message derivation engine to verify security protocols

As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of acceptable behavior even in the presence of malicious adversaries becomes paramount. Many researchers have proposed the use of security protocols to provide these security guarantees. In this paper, we develop a method of verifying these protocols using a special purpose model checker which executes an exhaustive state space search of a protocol model. Our tool also includes a natural deduction style derivation engine which models the capabilities of the adversary trying to attack the protocol. Because our models are necessarily abstractions, we cannot prove a protocol correct. However, our tool is extremely useful as a debugger. We have used our tool to analyze 14 different authentication protocols, and have found the previously reported attacks for them.

[1]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[2]  Steve A. Schneider Verifying Authentication Protocols in CSP , 1998, IEEE Trans. Software Eng..

[3]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[4]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[5]  Simon S. Lam,et al.  A lesson on authentication protocol design , 1994, OPSR.

[6]  A W Roscoe Intensional Speciications of Security Protocols , 1998 .

[7]  Olivier Bonaventure,et al.  Specification and verification of a TTP protocol for the conditional access to services , 1996 .

[8]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[9]  Dan Craigen,et al.  Using EVES to Analyze Authentication Protocols , 1996 .

[10]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[11]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[12]  D. Prawitz Natural Deduction: A Proof-Theoretical Study , 1965 .

[13]  Rajashekar Kailar Accountability in Electronic Commerce Protocols , 1996, IEEE Trans. Software Eng..

[14]  Jeannette M. Wing,et al.  Fast, automatic checking of security protocols , 1996 .

[15]  Somesh Jha,et al.  Model Checking for Security Protocols , 1997 .

[16]  Steve A. Schneider Security properties and CSP , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[17]  James W. Gray,et al.  Using temporal logic to specify and verify cryptographic protocols , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[18]  A. W. Roscoe Intensional specifications of security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[19]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[20]  J. Doug Tygar,et al.  A Model for Secure Protocols and Their Compositions , 1996, IEEE Trans. Software Eng..

[21]  Doron A. Peled,et al.  All from One, One for All: on Model Checking Using Representatives , 1993, CAV.

[22]  Victor Shoup,et al.  Session Key Distribution Using Smart Cards , 1996, EUROCRYPT.

[23]  Jeannette M. Wing,et al.  Model checking electronic commerce protocols , 1996 .

[24]  Jonathan K. Millen,et al.  The Interrogator model , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[25]  Paul Pettersson,et al.  Tools and Algorithms for the Construction and Analysis of Systems: 28th International Conference, TACAS 2022, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022, Munich, Germany, April 2–7, 2022, Proceedings, Part II , 1998, TACAS.

[26]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[27]  Dominique Bolignano An Approach to the Formal Veriication of Cryptographic Protocols , 1996 .

[28]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[29]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[30]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[31]  Catherine A. Meadows A model of computation for the NRL Protocol Analyzer , 1994, Proceedings The Computer Security Foundations Workshop VII.

[32]  Dominique Bolignano An approach to the formal verification of cryptographic protocols , 1996, CCS '96.