9,252 research outputs found

    Formal Verification of Security Protocol Implementations: A Survey

    Get PDF
    Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

    Verifying security protocols by knowledge analysis

    Get PDF
    This paper describes a new interactive method to analyse knowledge of participants involved in security protocols and further to verify the correctness of the protocols. The method can detect attacks and flaws involving interleaving sessions besides normal attacks. The implementation of the method in a generic theorem proving environment, namely Isabelle, makes the verification of protocols mechanical and efficient; it can verify a medium-sized security protocol in less than ten seconds. As an example, the paper finds the flaw in the Needham-Schroeder public key authentication protocol and proves the secure properties and guarantees of the protocol with Lowe's fix to show the effectiveness of this method

    Term-based composition of security protocols

    Full text link
    In the context of security protocol parallel composition, where messages belonging to different protocols can intersect each other, we introduce a new paradigm: term-based composition (i.e. the composition of message components also known as terms). First, we create a protocol specification model by extending the original strand spaces. Then, we provide a term composition algorithm based on which new terms can be constructed. To ensure that security properties are maintained, we introduce the concept of term connections to express the existing connections between terms and encryption contexts. We illustrate the proposed composition process by using two existing protocols.Comment: 2008 IEEE International Conference on Automation, Quality and Testing, Robotics, Cluj-Napoca, Romania, May 2008, pp. 233-238, ISBN 978-1-4244-2576-

    Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols

    Get PDF
    We define a sequent calculus to formally specify, simulate, debug and verify security protocols. In our sequents we distinguish between the current knowledge of principals and the current global state of the session. Hereby, we can describe the operational semantics of principals and of an intruder in a simple and modular way. Furthermore, using proof theoretic tools like the analysis of permutability of rules, we are able to find efficient proof strategies that we prove complete for special classes of security protocols including Needham-Schroeder. Based on the results of this preliminary analysis, we have implemented a Prolog meta-interpreter which allows for rapid prototyping and for checking safety properties of security protocols, and we have applied it for finding error traces and proving correctness of practical examples

    Verifying privacy by little interaction and no process equivalence

    Get PDF
    While machine-assisted verification of classical security goals such as confidentiality and authentication is well-established, it is less mature for recent ones. Electronic voting protocols claim properties such as voter privacy. The most common modelling involves indistinguishability, and is specified via trace equivalence in cryptographic extensions of process calculi. However, it has shown restrictions. We describe a novel model, based on unlinkability between two pieces of information. Specifying it as an extension to the Inductive Method allows us to establish voter privacy without the need for approximation or session bounding. The two models and their latest specifications are contrasted

    Denial-of-Service Resistance in Key Establishment

    Get PDF
    Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

    Automated Cryptographic Analysis of the Pedersen Commitment Scheme

    Full text link
    Aiming for strong security assurance, recently there has been an increasing interest in formal verification of cryptographic constructions. This paper presents a mechanised formal verification of the popular Pedersen commitment protocol, proving its security properties of correctness, perfect hiding, and computational binding. To formally verify the protocol, we extended the theory of EasyCrypt, a framework which allows for reasoning in the computational model, to support the discrete logarithm and an abstraction of commitment protocols. Commitments are building blocks of many cryptographic constructions, for example, verifiable secret sharing, zero-knowledge proofs, and e-voting. Our work paves the way for the verification of those more complex constructions.Comment: 12 pages, conference MMM-ACNS 201
    corecore