Methodology of Testing the Security of Cryptographic Protocols Using the CMMTree Framework

Internet communication is one of the significant aspects of modern civilization. People use banking, health, social, or shopping platforms and send a lot of data. Each communication should be secured and protected against dishonest users’ activities during its transfer via network links. Cryptographic protocols provide such security and protection. Because of the evolution of the vulnerabilities and attackers’ methods, the cryptographic protocols should be regularly verified. This paper presents a methodology for testing the security of cryptographic protocols using the CMMTree framework. We developed and adapted a software package for analyzing cryptographic protocols regarding compatibility with the CMMTree framework using a predicate according to the approach described in Siedlecka-Lamch et al.’s works. We optimized and strengthened the mentioned approach with tree optimization methods and a lexicographic sort rule. Next, we researched the well-known security protocols using a developed tool and compared and verified the results using sorted and shuffled data. This work produced promising results. No attacks on the tested protocols were discovered

Key Agreement and Authentication Protocols in the Internet of Things: A Survey

The rapid development of Internet of things (IoT) technology has made the IoT applicable in many areas of life and has contributed to the IoT’s improvement. IoT devices are equipped with various sensors that enable them to perform the tasks they were designed for. The use of such devices is associated with securing communication between devices and users. The key stages of communication are the processes of authentication and the process of agreeing on session keys because they are the basis of the subsequent communication phases. The specially designed security protocols are used to secure communication. These protocols define the course of communication and cryptographic techniques employed for securing. In this article, we have reviewed the latest communication protocols designed to secure authentication processes and agree on session keys in IoT environments. We analyzed the proposed protocols’ security level, vulnerability, and computational and communication costs. We showed our observations, describing the requirements that a secure protocol should meet

Timed models of security protocols including delays in the network

A very important part of the network and computer systems is to ensure an appropriate level of information transmission security. Security is based primarily on properly selected communication in security protocol. Unfortunately, the time-dependent protocols are vulnerable to attacks; therefore there is a need to verify these protocols. For verification purposes, protocols can be modeled using timed automata. During the modeling and verification of the protocols, one should also keep in mind delays in the network. So far, delays in the network were not modeled

Timed models of security protocols including delays in the network

A very important part of the network and computer systems is to ensure an appropriate level of information transmission security. Security is based primarily on properly selected communication in security protocol. Unfortunately, the time-dependent protocols are vulnerable to attacks; therefore there is a need to verify these protocols. For verification purposes, protocols can be modeled using timed automata. During the modeling and verification of the protocols, one should also keep in mind delays in the network. So far, delays in the network were not modeled

Towards Most Efficient Method for Untimed Security Protocols Verification

Security protocols are a crucial point of more complicated communication protocols that are responsible for keeping security during data transmission in computer networks. From a security point of view, proper verification of such protocols properties is a significant challenge. In the last decades, many concepts and connected with them verification tools were developed and successfully used for checking protocols correctness conditions. In this area of research, much attention is paid for suitable methods of protocols modelling and a low as possible a computational complexity of algorithms used. The last property is important because it allows practical use of such structures and algorithms for automatic verification. Adding timestamps for protocols schemes caused a need for time modelling in solutions of security protocols verification. Time models added into considerations introduce more complicated structures and increase the complexity of structures and algorithms used in the verification process. According to this, there is still a need of looking for more and more efficient ways for modelling of untimed versions of the protocols, for which adding time will be effective from the verification process point of view. In this paper, we propose a new method for modelling and verification of untimed security protocols properties. We present an idea, examples, an algorithm and experimental results for several protocols. We also compare our results with the best, well-known verification tools

SAT and SMT-Based Verification of Security Protocols Including Time Aspects

For many years various types of devices equipped with sensors have guaranteed proper work in a huge amount of machines and systems. For the proper operation of sensors, devices, and complex systems, we need secure communication. Security protocols (SP) in this case, guarantee the achievement of security goals. However, the design of SP is not an easy process. Sometimes SP cannot realise their security goals because of errors in their constructions and need to be investigated and verified in the case of their correctness. Now SP uses often time primitives due to the necessity of security dependence on the passing of time. In this work, we propose and investigate the SAT-and SMT-based formal verification methods of SP used in communication between devices equipped with sensors. For this, we use a formal model based on networks of communicating timed automata. Using this, we show how the security property of SP dedicated to the sensors world can be verified. In our work, we investigate such timed properties as delays in the network and lifetimes. The delay in the network is the lower time constraint related to sending the message. Lifetime is an upper constraint related to the validity of the timestamps generated for the transmitted messages