Dynamic epistemic verification of security protocols: framework and case study

We propose a dynamic epistemic framework for the verification of security protocols. First, we introduce a dynamic epistemic logic equipped with iteration and cryptographic supplements in which we can formalize and check (epistemic) requirements of security protocols. On top of this, we give a general guide how to go from a protocol specification to its representation in our framework. We demonstrate this by checking requirements of a simplified version of a protocol for confidential message comparison

Refinement of Kripke Models for Dynamics

We propose a property-preserving refinement/abstraction theory for Kripke Modal Labelled Transition Systems incorporating not only state mapping but also label and proposition lumping, in order to have a compact but informative abstraction. We develop a 3-valued version of Public Announcement Logic (PAL) which has a dynamic operator that changes the model in the spirit of public broadcasting. We prove that the refinement relation on static models assures us to safely reason about any dynamic properties in terms of PAL-formulas on the abstraction of a model. The theory is in particular interesting and applicable for an epistemic setting as the example of the Muddy Children puzzle shows, especially in the view of the growing interest for epistemic modelling and (automatic) verification of communication protocols

Verifying multi-party authentication using rank functions and PVS

In this paper we present a fully formal correctness proof of a multi-party version of the Needham-Schroeder-Lowe public key authentication protocol. As the protocol allows for an arbitrary number of participants, the model consisting of all possible protocol executions exceeds any bounds imposed by model checking methods. By modelling the protocol in the CSP-framework and using the Rank Theorem we obtain an abstraction level that allows to give a correctness proof in PVS for the protocol with respect to authentication, for the protocol running in parallel in multiple instantiations, possibly with different numbers of agents for each instance.\u3cbr/\u3e\u3cbr/\u3eThis specific result shows how, more generally, the formalisation in CSP and application of the theorem prover PVS make full formal verification of multi-party security protocols possible

Refinement of Kripke models for dynamics

We propose a property-preserving refinement/abstraction theory for Kripke Modal Labelled Transition Systems incorporating not only state mapping but also label and proposition lumping, in order to have a compact but informative abstraction. We develop a 3-valued version of Public Announcement Logic (PAL) which has a dynamic operator that changes the model in the spirit of public broadcasting. We prove that the refinement relation on static models assures us to safely reason about any dynamic properties in terms of PAL-formulas on the abstraction of a model. The theory is in particular interesting and applicable for an epistemic setting as the example of the Muddy Children puzzle shows, especially in the view of the growing interest for epistemic modelling and (automatic) verification of communication protocols

Operational and epistemic approaches to protocol analysis: bridging the gap

Operational models of protocols, on one hand, are readable and conveniently match their implementation, at a certain abstraction level. Epistemic models, on the other hand, are appropriate for specifying knowledge-related properties such as anonymity. These two approaches to specification and analysis have so far developed in parallel and one has either to define ad hoc correctness criteria for the operational model or use complicated epistemic models to specify the operational behavior. We work towards bridging this gap by proposing a combined framework which allows modeling the behavior of a protocol in a process language with an operational semantics and supports reasoning about properties expressed in a rich logic with temporal and epistemic operators

Dynamic epistemic verification of security protocols: framework and case study

We propose a dynamic epistemic framework for the verification of security protocols. First, we introduce a dynamic epistemic logic equipped with iteration and cryptographic supplements in which we can formalize and check (epistemic) requirements of security protocols. On top of this, we give a general guide how to go from a protocol specification to its representation in our framework. We demonstrate this by checking requirements of a simplified version of a protocol for confidential message comparison

What is protocol analysis?

The following is a transcript of one of the discussion sessions that took place during the Workshop on Games, Action and Social Software at the Lorentz Center in Leiden. The discussion theme was set by the workshop organizers: Is logic useful for the analysis of protocols, and if so, how? The theme has attracted the usual protagonists, plus a cognitive scientist and a specialist in computer security

Operational and Epistemic Approaches to Protocol Analysis: Bridging the Gap

Operational models of protocols, on one hand, are readable and conveniently match their implementation, at a certain abstraction level. Epistemic models, on the other hand, are appropriate for specifying knowledge-related properties such as anonymity. These two approaches to specification and analysis have so far developed in parallel and one has either to define ad hoc correctness criteria for the operational model or use complicated epistemic models to specify the operational behavior. We work towards bridging this gap by proposing a combined framework which allows modeling the behavior of a protocol in a process language with an operational semantics and supports reasoning about properties expressed in a rich logic with temporal and epistemic operators