research-article

Abstractions for security protocol verification

Published: 01 January 2018

Abstract

We present a large class of security protocol abstractions with the aim of improving the scope and efficiency of verification tools. We propose abstractions that transform a term’s structure based on its type as well as abstractions that remove atomic messages, variables, and redundant terms. Our theory improves on previous work by supporting rewrite theories with the finite-variant property, user-defined types, and untyped variables to cover type flaw attacks. We prove soundness results for an expressive property language that includes secrecy and authentication. Applying our abstractions to realistic IETF protocol models, we achieve dramatic speedups and extend the scope of several modern security protocol analyzers.

Published In

Journal of Computer Security, Volume 26, Issue 4
2018
164 pages

Publisher

IOS Press

Netherlands

Author Tags

  1. Security protocols
  2. formal verification
  3. abstraction technique

Qualifiers

  • Research-article
