Generic and efficient attacker models in SPIN

In telecommunication networks, it is common that security protocol procedures rely on context information and other parameters of the global system state. Current security ver- ification tools are well suited for analyzing protocols in iso- lation and it is not clear how they can be used for protocols intended to be run in more“dynamic”settings. Think of pro- tocol procedures sharing parameters, arbitrarily interleaved or used as building blocks in more complex compound proce- dures. SPIN is a well established general purpose verification tool that has good support for modeling such systems. In contrast to specialized tools, SPIN lacks support for crypto- graphic primitives and intruder model which are necessary for checking security properties. We consider a special class of security protocols that fit well in the SPIN framework. Our modeling method is systematic, generic and efficient enough so that SPIN could find all the expected attacks on several of the classical key distribution protocols.

[1]  Martín Abadi,et al.  Just fast keying in the pi calculus , 2004, TSEC.

[2]  Margo McCall,et al.  IEEE Computer Society , 2019, Encyclopedia of Software Engineering.

[3]  Markus Jakobsson,et al.  Security Weaknesses in Bluetooth , 2001, CT-RSA.

[4]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[5]  Susanne Wetzel,et al.  Symbolic Analysis for Security of Roaming Protocols in Mobile Networks - [Extended Abstract] , 2011, SecureComm.

[6]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[7]  Cas J. F. Cremers Session-state Reveal Is Stronger Than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange Protocol , 2009, ACNS.

[8]  14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), 11-13 June 2001, Cape Breton, Nova Scotia, Canada , 2001, CSFW.

[9]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[10]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[11]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[12]  Madhavan Mukund,et al.  Generic Verification of Security Protocols , 2005, SPIN.

[13]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[14]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[15]  David A. Basin,et al.  The TAMARIN Prover for the Symbolic Analysis of Security Protocols , 2013, CAV.

[16]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[17]  Cas J. F. Cremers,et al.  Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2 , 2011, ESORICS.

[18]  Natsume Matsuzaki,et al.  Key Distribution Protocol for Digital Mobile Communication Systems , 1989, CRYPTO.

[19]  Cas J. F. Cremers,et al.  Operational Semantics and Verification of Security Protocols , 2012, Information Security and Cryptography.

[20]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[21]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[22]  John C. Mitchell,et al.  Multiset rewriting and the complexity of bounded security protocols , 2004, J. Comput. Secur..

[23]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..

[24]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[25]  Riccardo Sisto,et al.  Using SPIN to Verify Security Properties of Cryptographic Protocols , 2002, SPIN.