Abstract
We introduce the on-the-fly model-checker OFMC, a tool that combines two methods for analyzing security protocols. The first is the use of lazy data-types as a simple way of building an efficient on-the-fly model checker for protocols with infinite state spaces. The second is the integration of symbolic techniques for modeling a Dolev-Yao intruder, whose actions are generated in a demand-driven way. We present experiments that demonstrate that our tool is state-of-the-art, both in terms of coverage and performance, and that it scales well to industrial-strength protocols.
This work was supported by the FET Open Project IST-2001-39252, "AVISPA: Automated Validation of Internet Security Protocols and Applications" [2].
References
Amadio, R., Lugiez, D.: On the reachability problem in cryptographic protocols. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 380–394. Springer, Heidelberg (2000)
AVISPA: Automated Validation of Internet Security Protocols and Applications. FET Open Project IST-2001-39252, http://www.avispa-project.org
Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge U. Pr., New York (1998)
Basin, D.: Lazy infinite-state analysis of security protocols. In: Baumgart, R. (ed.) CQRE 1999. LNCS, vol. 1740, pp. 30–42. Springer, Heidelberg (1999)
Basin, D., Mödersheim, S., Viganò, L.: An On-The-Fly Model-Checker for Security Protocol Analysis (Extended Version). Technical Report 404, ETH Zurich, Computer Science (2003), http://www.inf.ethz.ch/research/publications/
Basin, D., Mödersheim, S., Viganò, L.: Constraint Differentiation: A New Reduction Technique for Constraint-Based Analysis of Security Protocols. Technical Report 405, ETH Zurich, Computer Science (2003), http://www.inf.ethz.ch/research/publications/
Boreale, M.: Symbolic trace analysis of cryptographic protocols. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 667–681. Springer, Heidelberg (2001)
Chevalier, Y., Vigneron, L.: A Tool for Lazy Verification of Security Protocols. In: Proc. ASE 2001. IEEE Computer Society Press, Los Alamitos (2001)
Clark, J., Jacob, J.: A Survey of Authentication Protocol Literature: Version 1.0, November 17 (1997), URL: http://www.cs.york.ac.uk/~jac/papers/drareview.ps.gz
Corin, R., Etalle, S.: An Improved Constraint-Based System for the Verification of Security Protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 326–341. Springer, Heidelberg (2002)
Denker, G., Millen, J., Rueß, H.: The CAPSL Integrated Protocol Environment. Technical Report SRI-CSL-2000-02, SRI International (2000)
Dolev, D., Yao, A.: On the Security of Public-Key Protocols. IEEE Transactions on Information Theory 2(29) (1983)
Donovan, B., Norris, P., Lowe, G.: Analyzing a library of security protocols using Casper and FDR. In: Proc. FMSP 1999 (Formal Methods and Security Protocols) (1999)
Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of Bounded Security Protocols. In: Proc. FMSP 1999 (Formal Methods and Security Protocols) (1999)
Fábrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: Proving security protocols correct. Journal of Computer Security 7, 191–230 (1999)
Fiore, M., Abadi, M.: Computing Symbolic Models for Verifying Cryptographic Protocols. In: Proc. CSFW 2001. IEEE Computer Society Press, Los Alamitos (2001)
Huima, A.: Efficient infinite-state analysis of security protocols. In: Proc. FLOC 1999 Workshop on Formal Methods and Security Protocols, FMSP 1999 (1999)
ITU-T Recommendation H.530: Symmetric Security Procedures for H.510 (Mobility for H.323 Multimedia Systems and Services) (2002)
Jacquemard, F., Rusinowitch, M., Vigneron, L.: Compiling and Verifying Security Protocols. In: Parigot, M., Voronkov, A. (eds.) LPAR 2000. LNCS (LNAI), vol. 1955, pp. 131–160. Springer, Heidelberg (2000)
Lowe, G.: Casper: a Compiler for the Analysis of Security Protocols. Journal of Computer Security 6(1), 53–84 (1998)
Meadows, C.: Analysis of the Internet Key Exchange Protocol Using the NRL Protocol Analyzer. In: Proc. 1999 IEEE Symposium on Security and Privacy (1999)
Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proc. CCS 2001, pp. 166–175. ACM Press, New York (2001)
Mitchell, J.C., Mitchell, M., Stern, U.: Automated Analysis of Cryptographic Protocols Using Murphi. In: Proc. 1997 IEEE Symposium on Security and Privacy (1997)
Paulson, L.C.: The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security 6(1), 85–128 (1998)
Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison-Wesley, Reading (2000)
Song, D., Berezin, S., Perrig, A.: Athena: a novel approach to efficient automatic security protocol analysis. Journal of Computer Security 9, 47–74 (2001)
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Basin, D., Mödersheim, S., Viganò, L. (2003). An On-the-Fly Model-Checker for Security Protocol Analysis. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_15
DOI: https://doi.org/10.1007/978-3-540-39650-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5
eBook Packages: Springer Book Archive