7 research outputs found
A Program Logic for Verifying Secure Routing Protocols
The Internet, as it stands today, is highly vulnerable to attacks. However,
little has been done to understand and verify the formal security guarantees of
proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In
this paper, we develop a sound program logic for SANDLog-a declarative
specification language for secure routing protocols for verifying properties of
these protocols. We prove invariant properties of SANDLog programs that run in
an adversarial environment. As a step towards automated verification, we
implement a verification condition generator (VCGen) to automatically extract
proof obligations. VCGen is integrated into a compiler for SANDLog that can
generate executable protocol implementations; and thus, both verification and
empirical evaluation of secure routing protocols can be carried out in this
unified framework. To validate our framework, we encoded several proposed
secure routing mechanisms in SANDLog, verified variants of path authenticity
properties by manually discharging the generated verification conditions in
Coq, and generated executable code based on SANDLog specification and ran the
code in simulation
A semantic analysis of key management protocols for wireless sensor networks
Gorrieri and Martinelli's timed Generalized Non-Deducibility on Compositions (tGNDC) schema is a well-known general framework for the formal verification of security protocols in a concurrent scenario. We generalise the tGNDC schema to verify wireless network security protocols. Our generalisation relies on a simple timed broadcasting process calculus whose operational semantics is given in terms of a labelled transition system which is used to derive a standard simulation theory. We apply our tGNDC framework to perform a security analysis of three well-known key management protocols for wireless sensor networks: \u3bcTESLA, LEAP+ and LiSP
A semantic analysis of key management protocols for wireless sensor networks
Abstract Gorrieri and Martinelli's timed Generalized Non-Deducibility on Compositions (tGNDC) schema is a well-known general framework for the formal verification of security protocols in a concurrent scenario. We generalise the tGNDC schema to verify wireless network security protocols. Our generalisation relies on a simple timed broadcasting process calculus whose operational semantics is given in terms of a labelled transition system which is used to derive a standard simulation theory. We apply our tGNDC framework to perform a security analysis of three well-known key management protocols for wireless sensor networks: ”TESLA, LEAP+ and LiSP
Modeling and Verifying Ad Hoc Routing Protocols
Mobile ad hoc networks consist of mobile wireless devices which autonomously organize their infrastructure. In such a network, a central issue, ensured by routing protocols, is to find a route from one device to another. Those protocols use cryptographic mechanisms in order to prevent a malicious node from compromising the discovered route. We present a calculus for modeling and reasoning about security protocols, including in particular secured routing protocols. Our calculus extends standard symbolic models to take into account the characteristics of routing protocols and to model wireless communication in a more accurate way. Then, by using constraint solving techniques, we propose a decision procedure for analyzing routing protocols for a bounded number of sessions and for a fixed network topology. We demonstrate the usage and usefulness of our approach by analyzing the protocol SRP applied to DSR
Modeling and Verifying Ad Hoc Routing Protocols
To appearInternational audienceMobile ad hoc networks consist of mobile wireless devices which autonomously organize their infrastructure. In such networks, a central issue, addressed by routing protocols, is to find a route from one device to another. These protocols use cryptographic mechanisms in order to prevent malicious nodes from compromising the discovered route. Our contribution is twofold. We first propose a calculus for modeling and reasoning about security protocols, including in particular secured routing protocols. Our calculus extends standard symbolic models to take into account the characteristics of routing protocols and to model wireless communication in a more accurate way. Our second main contribution is a decision procedure for analyzing routing protocols for any network topology. By using constraint solving techniques, we show that it is possible to automatically discover (in NPTIME) whether there exists a network topology that would allow malicious nodes to mount an attack against the protocol, for a bounded number of sessions. We also provide a decision procedure for detecting attacks in case the network topology is given a priori. We demonstrate the usage and usefulness of our approach by analyzing protocols of the literature, such as SRP applied to DSR and SDMSR