Timed Analysis of Security Protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol

A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols

Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic has made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as, distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems

Sound reasoning in tock-CSP

Specifying budgets and deadlines using a process algebra like CSP requires an explicit notion of time. The tock-CSP encoding embeds a rich and flexible approach for modelling discrete-time behaviours with powerful tool support. It uses an event tock, interpreted to mark passage of time. Analysis, however, has traditionally used the standard semantics of CSP, which is inadequate for reasoning about timed refinement. The most recent version of the model checker FDR provides tailored support for tock-CSP, including specific operators, but the standard semantics remains inadequate. In this paper, we characterise tock-CSP as a language in its own right, rich enough to model budgets and deadlines, and reason about Zeno behaviour. We present the first sound tailored semantic model for tock-CSP that captures timewise refinement. It is fully mechanised in Isabelle/HOL and, to enable use of FDR4 to check refinement in this novel model, we use model shifting, which is a technique that explicitly encodes refusals in traces

Analysing Time Dependent Security Properties in CSP using PVS

This paper details an approach to verifying time dependent authentication properties of security protocols. We discuss the introduction of time into the Communicating Sequential Processes (CSP) protocol verification framework of [10]. The embedding of CSP in the theorem prover PVS (Prototype Verification System) is extended to incorporate eventbased time, retaining the use of the existing rank function approach to verify such properties. An example analysis is demonstrated using the Wide-Mouthed Frog protocol. 1 Introduction There are many methods that model and analyse security policies of distributed systems. Typically, the policies concerning communication are achieved using security protocols in which the agents of a system are trusted to provide a degree of secure communication across the system's network. The complexity of security protocols and the size of distributed systems have often been too great for analyses without a great deal of abstraction. This can lead to o..

Verification of timed process algebra and beyond

Ph.DDOCTOR OF PHILOSOPH

Aspects of Modeling and Verifying Secure Procedures

Security protocols are specifications for exchanging messages on a possibly insecure network. They aim at achieving some security goals (eg authenticating the parties involved in a communication, or preserving confidentiality of certain messages) preventing some malicious party to achieve advantages for its own. Goals of security protocols are generally achieved through the use of cryptography, the art of writing in secret characters, not comprehensible to anyone but the sender and the intended recipient. There is however a branch, in the computer science community, that, among its wide field of activities, aims at studying possible attacks on secure procedures without breaking cryptography, eg by manipulating some of the exchanged messages. This is the formal methods community, with an eye for security. This thesis mainly investigates the formal modeling and analysis of security protocols, both with finite and non finite behaviour, both within a process-algebraic and an automata framework. Real life protocols for signing and protecting digital contents and for giving assurance about authentic correspondences will be specified by means of the above cited formalisms, and some of their properties will be verified by means of formal proofs and automated tools. The original contributions of this thesis are the following. Within the framework of a formal modeling and verification of security protocols, we have applied an automated tool to better understand some secure mechanisms for the delivery of electronic documents. This has given us a deep insight on revealing the effects of omitted (or even erroneously implemented) security checks. Furthermore, a formal framework for modeling and analysing secure multicast and wireless communication protocols has been proposed. The analysis is mostly based on some new compositional principles giving sufficient conditions for safely composing an arbitrary number of components within a unique system. Also, steps towards providing the Team Automata formalism (TA) with a framework for security analysis have been taken. Within the framework, we model and analyse integrity and privacy properties, contributing to testify the expressive power and modelling capabilities of TA