2,826 research outputs found

    Verifying security protocols by knowledge analysis

    This paper describes a new interactive method to analyse knowledge of participants involved in security protocols and further to verify the correctness of the protocols. The method can detect attacks and flaws involving interleaving sessions besides normal attacks. The implementation of the method in a generic theorem proving environment, namely Isabelle, makes the verification of protocols mechanical and efficient; it can verify a medium-sized security protocol in less than ten seconds. As an example, the paper finds the flaw in the Needham-Schroeder public key authentication protocol and proves the secure properties and guarantees of the protocol with Lowe's fix to show the effectiveness of this method.

    Timed Analysis of Security Protocols

    We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol.

    Analysis of Selected Security Protocols

    This bachelor's thesis deals with the SRI Constraint Solver tool, which is used for the analysis of security protocols. The tool is briefly characterised, and its syntax is demonstrated on an implementation of the Needham-Schroeder Public Key protocol. The practical part gives examples of analysed protocols. For each protocol, the thesis gives its specification, its run in the tool, the published attack and, where one was found, the attack found by the tool. The thesis closes with the method of analysis used for each protocol and a comparison of the achieved results with the published ones.

    Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols

    We define a sequent calculus to formally specify, simulate, debug and verify security protocols. In our sequents we distinguish between the current knowledge of principals and the current global state of the session. Hereby, we can describe the operational semantics of principals and of an intruder in a simple and modular way. Furthermore, using proof theoretic tools like the analysis of permutability of rules, we are able to find efficient proof strategies that we prove complete for special classes of security protocols including Needham-Schroeder. Based on the results of this preliminary analysis, we have implemented a Prolog meta-interpreter which allows for rapid prototyping and for checking safety properties of security protocols, and we have applied it for finding error traces and proving correctness of practical examples.

    Secrecy-Oriented First-Order Logical Analysis of Cryptographic Protocols

    We present a computationally sound first-order system for security analysis of protocols that places secrecy of nonces and keys in its center. Even trace properties such as agreement and authentication are proven via proving a non-trace property, namely, secrecy first. This results in a very powerful system, the working of which we illustrate on the agreement and authentication proofs for the Needham-Schroeder-Lowe public-key and the amended Needham-Schroeder shared-key protocols in case of unlimited sessions. Unlike other available formal verification techniques, computational soundness of our approach does not require any idealizations about parsing of bitstrings or unnecessary tagging. In particular, we have total control over detecting or eliminating the possibility of type-flaw attacks.

    Constraints-based Verification of Parameterized Cryptographic Protocols.

    Cryptographic protocols are crucial for securing electronic transactions. The confidence in these protocols can be increased by the formal analysis of their security properties. Although many works have been dedicated to standard protocols like Needham-Schroeder, very few address the more challenging class of group protocols. We present a synchronous model for group protocols, that generalizes standard protocol models by permitting unbounded lists inside messages. In this extended model we propose a correct and complete set of inference rules for checking security properties in presence of an active intruder for the class of Well-Tagged protocols. We prove that the application of these rules on a constraint system terminates and that the normal form obtained can be checked for satisfiability. Therefore, we present here a decision procedure for this class.