Slede: a domain-specific verification framework for sensor network security protocol implementations

Finding flaws in security protocol implementations is hard. Finding flaws in the implementations of sensor network security protocols is even harder because they are designed to protect against more system failures compared to traditional protocols. Formal verification techniques such as model checking, theorem proving, etc, have been very successful in the past in detecting faults in security protocol specifications; however, they generally require that a formal description of the protocol, often called model, is developed before the verification can start. There are three factors that make model construction, and as a result, formal verification is hard. First, knowledge of the specialized language used to construct the model is necessary. Second, upfront effort is required to produce an artifact that is only useful during verification, which might be considered wasteful by some, and third, manual model construction is error prone and may lead to inconsistencies between the implementation and the model. The key contribution of this work is an approach for automated formal verification of sensor network security protocols. Technical underpinnings of our approach includes a technique for automatically extracting a model from the nesC implementations of a security protocol, a technique for composing this extracted model with models of intrusion and network topologies, and a technique for translating the results of the verification process to domain terms. Our approach is sound and complete within bounds, i.e. if it reports a fault scenario for a protocol, there is indeed a fault and our framework terminates for a network topology of given size; otherwise no faults in the protocol are present that can be exploited in the network topology of that size or less using the given intrusion model. Our approach also does not require upfront model construction, which significantly decreases the cost of verification

Verifying Computation Tree Logic of Knowledge via Knowledge-Oriented Petri Nets and Ordered Binary Decision Diagrams

Computation Tree Logic of Knowledge (CTLK) can specify many requirements of privacy and security of multi-agent systems (MAS). In our previous papers, we defined Knowledge-oriented Petri Net (KPN) to model MAS, proposed similar reachability graph to verify CTLK, gave their model checking algorithms and developed a related tool. In this paper, we use the technique of Ordered Binary Decision Diagrams (OBDD) to encode similar reachability graph in order to alleviate the state explosion problem, and verify more epistemic operators of CTLK. We design the corresponding symbolic model checking algorithms and improve our tool. We compare our model and method with MCMAS that is the state-of-the-art CTLK model checker, and experiments illustrate the advantages of our model and method. We also explain the reasons why our model and method can obtain better performances

Extending cryptographic logics of belief to key agreement protocols

The authentication logic of Burrows, Abadi and Needham (BAN) provided an important step towards rigorous analysis of authentication protocols, and has motivated several subsequent refinements. We propose extensions to BAN-like logics which facilitate, for the first time, examination of public-key based authenticated key establishment protocols in which both parties contribute to the derived key (i.e. key agreement protocols). Attention is focussed on six distinct generic goals for authenticated key establishment protocols. The extended logic is used to analyze three Diffie-Hellman based key agreement protocols, facilitating direct comparison of these protocols with respect to formal goals reached and formal assumptions required

Analysis of Selected Security Protocols

Předmětem této diplomové práce je studium dostupných bezpečnostních protokolů a nástrojů sloužících k jejich verifikaci. První část práce se krátce věnuje popisu pojmů souvisejících s oblastí bezpečnostních protokolů a verifikačních logik. Druhá část již přímo uvádí jednotlivé protokoly spolu s nalezenými útoky a chybami v návrhu. V další kapitole jsou detailněji popsány nejdůležitější nástroje pro automatickou analýzu bezpečnostních protokolů. Hlavní část práce se zabývá verifikací vybraných bezpečnostních protokolů ve zvoleném nástroji Scyther. Na závěr jsou uvedeny příklady víceprotokolových útoků spolu s přehledovou tabulkou.The subject of this thesis is to study available security protocols and tools for their verification. The first part is devoted to briefly describe the concepts related to the area of security protocols and verification logics. The second part directly lists various protocols, along with attacks and errors found in design. Next chapter describes the most important tools for automatic analysis of security protocols in more detail. The main part deals with verification of security protocols selected in the chosen tool called Scyther. In conclusion, examples of multiprotocol attacks along with a summary table are displayed.

Defining an approximation to formally verify cryptographic protocols

Electronic forms of communication are abundant in todays world, and much emphasis is placed on these methods of communication in every day life. In order to guarantee the secrecy and authenticity of information exchanged, it is vital to formally verify the cryptographic protocols used in these forms of communications. This verification does, however, present many challenges. The systems to verify are infinite, with an infinite number of sessions and of p articipants. As if this was not enough, there is also a reactive element to deal with: th e intruder. The intruder will attack the protocol to achieve his goal: usurping identity, stealing confidential information, etc. His behavior is unpredictable! This thesis describes a method of verification based 011 the verification of systems by approximation. Starting from an initial configuration of the network, an overapproximation of the set of messages exchanged is automatically computed. Secrecy and authentication properties can then be checked on the approximated system. Starting from an existing semi-automatic proof method developed by Genet and Klay, an automatic solution is developed. Starting from an existing semi-automatic proof method developed by Genet and Klay, an automatic solution is developed. This thesis defines a particular approximation function that can be generated automatically and that guarantees that the computation of the approximated system terminates. Th e verification by approximation only tells if properties are verified. When the verification fails no conclusion can be drawn on the property. Thus, this thesis also shows how the approximation technique can easily be combined with another verification technique to combine the strengths of both approaches. Finally, the tool developed to validate these developments and the results of cryptographic protocol verifications carried out in the course of this research are included

Automated security analysis of payment protocols

Thesis (Ph. D. in the Field of Computer Engineering)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2012.Cataloged from PDF version of thesis.Includes bibliographical references (p. 173-182).Formal analyses have been used for payment protocol design and verification but, despite developments in semantics and expressiveness, previous literature has placed little emphasis on the automation aspects of the proof systems. This research develops an automated analysis framework for payment protocols called PTGPA. PTGPA combines the techniques of formal analysis as well as the decidability afforded by theory generation, a general-purpose framework for automated reasoning. A comprehensive and self-contained proof system called TGPay is first developed. TGPay introduces novel developments and refinements in the formal language and inference rules that conform to the prerequisites of theory generation. These target desired properties in payment systems such as confidentiality, integrity, authentication, freshness, acknowledgement and non-repudiation. Common security primitives such as encryption, decryption, digital signatures, message digests, message authentication codes and X.509 certificates are modeled. Using TGPay, PTGPA performs analyses of payment protocols under two scenarios in full automation. An Alpha-Scenario is one in which a candidate protocol runs in a perfect environment without attacks from any intruders. The candidate protocol is correct if and only if all pre-conditions and post-conditions are met. PTGPA models actions and knowledge sets of intruders in a second, modified protocol that represents an attack scenario. This second protocol, called a Beta-Scenario, is obtained mechanically from the original candidate protocol, by applying a set of elementary capabilities from a Dolev-Yao intruder model. This thesis includes a number of case studies to demonstrate the feasibility and benefits of the proposed framework. Automated analyses of real-world bank card payment protocols as well as newly proposed contactless mobile payment protocols are presented. Security flaws are identified in some of the protocols; their causes and implications are addressed.by Enyang Huang.Ph.D.in the Field of Computer Engineerin

Facilitating the modelling and automated analysis of cryptographic protocols

Includes bibliographical references.Multi-dimensional security protocol engineering is effective for creating cryptographic protocols since it encompasses a variety of design, analysis and deployment techniques, thereby providing a higher level of confidence than individual approaches. SPEAR II, the Security Protocol Engineering and Analysis Resource n, is a protocol engineering tool built on the foundation of previous experience garnered during the SPEAR I project in 1997. The goal of the SPEAR II tool is to facilitate cryptographic protocol engineering and aid users in distilling the critical issues during an engineering session by presenting them with an appropriate level of detail and guiding them as much as possible. The SPEAR II tool currently consists of four components that have been created as part of this dissertation and integrated into one consistent and unified graphical interface: a protocol specification environment (GYPSIE), a GNY statement construction interface (Visual GNY), a Prolog-based GNY analysis engine (GYNGER) and a message rounds calculator