Verifying security protocols by knowledge analysis
This paper describes a new interactive method to analyse knowledge of participants involved in security protocols and further to verify the correctness of the protocols. The method can detect attacks and flaws involving interleaving sessions besides normal attacks. The implementation of the method in a generic theorem proving environment, namely Isabelle, makes the verification of protocols mechanical and efficient; it can verify a medium-sized security protocol in less than ten seconds. As an example, the paper finds the flaw in the Needham-Schroeder public key authentication protocol and proves the secure properties and guarantees of the protocol with Lowe's fix to show the effectiveness of this method
A framework for proving the correctness of cryptographic protocol properties by linear temporal logic
In this paper, a framework for cryptographic protocol analysis using linear temporal logic is proposed. The framework can be used to specify and analyse security protocols. It aims to investigate and analyse security protocol properties that are secure or have any flaws. The framework extends the linear temporal logic by including the knowledge of participants in each status that may change over time. It includes two main parts, the Language of Temporal Logic (LTL) and the domain knowledge. The ability of the framework is demonstrated by analysing the Needham-Schroeder public key protocol and the Andrew Secure RPC protocol as examples
Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham-Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol
Analysis of Selected Security Protocols
This bachelor's thesis deals with the SRI Constraint Solver tool used for analysis of security protocols. The tool is briefly characterised, and its syntax is shown on an implementation of the Needham-Schroeder Public Key protocol. The practical part shows some examples of analysed protocols. For each protocol, the thesis gives its specification, its run in the tool, the published attack, and, where one was found, the attack found. At the end of the thesis, a method of analysis of each protocol and a comparison of the achieved results with the published ones are described.
Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols
We define a sequent calculus to formally specify, simulate, debug and verify security protocols. In our sequents we distinguish between the current knowledge of principals and the current global state of the session. Hereby, we can describe the operational semantics of principals and of an intruder in a simple and modular way. Furthermore, using proof theoretic tools like the analysis of permutability of rules, we are able to find efficient proof strategies that we prove complete for special classes of security protocols including Needham-Schroeder. Based on the results of this preliminary analysis, we have implemented a Prolog meta-interpreter which allows for rapid prototyping and for checking safety properties of security protocols, and we have applied it for finding error traces and proving correctness of practical examples
Secrecy-Oriented First-Order Logical Analysis of Cryptographic Protocols
We present a computationally sound first-order system for security analysis of protocols that places secrecy of nonces and keys in its center. Even trace properties such as agreement and authentication are proven via proving a non-trace property, namely, secrecy first. This results in a very powerful system, the working of which we illustrate on the agreement and authentication proofs for the Needham-Schroeder-Lowe public-key and the amended Needham-Schroeder shared-key protocols in case of unlimited sessions. Unlike other available formal verification techniques, computational soundness of our approach does not require any idealizations about parsing of bitstrings or unnecessary tagging. In particular, we have total control over detecting or eliminating the possibility of type-flaw attacks
Constraints-based Verification of Parameterized Cryptographic Protocols.
Cryptographic protocols are crucial for securing electronic transactions. The confidence in these protocols can be increased by the formal analysis of their security properties. Although many works have been dedicated to standard protocols like Needham-Schroeder, very few address the more challenging class of group protocols. We present a synchronous model for group protocols that generalizes standard protocol models by permitting unbounded lists inside messages. In this extended model we propose a correct and complete set of inference rules for checking security properties in the presence of an active intruder for the class of Well-Tagged protocols. We prove that the application of these rules on a constraint system terminates and that the normal form obtained can be checked for satisfiability. Therefore, we present here a decision procedure for this class