Li Zhou,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1109/icstw.2011.18

2011-01-01

Abstract:Protocol security testing is an important technique to ensure the security of communication protocols. However, methods considering both effective detection to specification vulnerabilities and efficient testing on protocol implementations are not well developed. In this paper, we present a general method for protocol security testing including protocol verification with SPIN model checker and protocol testing with formal testing language TTCN-3. We use threat model to model malicious entities and import the classification of information security to achieve a complete analysis of security requirements for protocol verification. We also develop a SPIN Trail to TTCN-3(st2ttcn) conversion tool to generate test cases automatically from counter examples obtained from model checking. As a case study, we apply our approach to the security testing of Source Address Validation Improvements (SAVI) protocol. We test two versions of SAVI-DHCP protocol. Security vulnerabilities have been found and tested in corresponding implementations.

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Shamim Ripon,Sumaya Mahbub,K. M. Intiaz-ud-Din

DOI: https://doi.org/10.7763/IJET.2013.V5.553

2014-03-08

Abstract:The advancement of mobile and wireless communication technologies in recent years introduced various adaptive protocols to adapt the need for secured communications. Security is a crucial success factor for any communication protocols, especially in mobile environment due to its ad hoc behavior. Formal verification plays an important role in development and application of safety critical systems. Formalized exhausted verification techniques to analyze the security and the safety properties of communications protocols increase and confirm the protocol confidence. SPIN is a powerful model checker that verifies the correctness of distributed communication models in a rigorous and automated fashion. This short paper proposes a SPIN based formal verification approach of a security adaptive protocol suite. The protocol suite includes a neighbor discovery mechanism and routing protocol. Both parts of the protocol suite are modeled into SPIN and exhaustively checked various temporal properties which ensure the applicability of the protocol suite in real-life applications.

Networking and Internet Architecture

Kangfeng Ye,Roberto Metere,Poonam Yadav

2024-10-01

Abstract:Current formal verification of security protocols relies on specialized researchers and complex tools, inaccessible to protocol designers who informally evaluate their work with emulators. This paper addresses this gap by embedding symbolic analysis into the design process. Our approach implements the Dolev-Yao attack model using a variant of CSP based on Interaction Trees (ITrees) to compile protocols into animators -- executable programs that designers can use for debugging and inspection. To guarantee the soundness of our compilation, we mechanised our approach in the theorem prover Isabelle/HOL. As traditionally done with symbolic tools, we refer to the Diffie-Hellman key exchange and the Needham-Schroeder public-key protocol (and Lowe's patched variant). We demonstrate how our animator can easily reveal the mechanics of attacks and verify corrections. This work facilitates security integration at the design level and supports further security property analysis and software-engineered integrations.

Cryptography and Security,Logic in Computer Science

Thi Minh Chau Le,Xuan Thang Pham,Vinh Thinh Le

DOI: https://doi.org/10.54644/jte.2024.1523

2024-02-28

Journal of Technical Education Science

Abstract:In the dynamic field of Internet security, verifying and analyzing security protocols is crucial for ensuring secure and effective communication. This paper presents an analysis of leading tools used for the verification, falsification, and analysis of security protocols, focusing particularly on Scyther and Tamarin. We examine the methodologies, capabilities, and applications of these tools in various contexts, including cloud computing and IoT, highlighting their unique approaches and contributions to the field. The paper starts with an examination of the Scyther tool, emphasizing its innovative approach to automated falsification and verification, and its application in multi-protocol analysis. We then transition to exploring the use of Scyther in verifying key agreement protocols in cloud computing. A comparative analysis of Scyther and Tamarin is also presented, shedding light on their effectiveness in identifying security properties and revealing the strengths and weaknesses of different protocols. This is further enriched by a detailed look at the unbounded verification capabilities of Scyther. Additionally, the paper covers the capabilities of the Tamarin prover, exploring its advanced features in symbolic analysis, its ability to handle complex security properties, and its application in verifying protocol implementations. Through this paper, we aim to provide a comprehensive overview of the current landscape in security protocol verification, offering insights into the methodologies, challenges, and future directions in this essential area of research.

Linard Arquint,Felix A. Wolf,Joseph Lallemand,Ralf Sasse,Christoph Sprenger,Sven N. Wiesner,David Basin,Peter Müller

DOI: https://doi.org/10.48550/arXiv.2212.04171

2022-12-08

Abstract:We provide a framework consisting of tools and metatheorems for the end-to-end verification of security protocols, which bridges the gap between automated protocol verification and code-level proofs. We automatically translate a Tamarin protocol model into a set of I/O specifications expressed in separation logic. Each such specification describes a protocol role's intended I/O behavior against which the role's implementation is then verified. Our soundness result guarantees that the verified implementation inherits all security (trace) properties proved for the Tamarin model. Our framework thus enables us to leverage the substantial body of prior verification work in Tamarin to verify new and existing implementations. The possibility to use any separation logic code verifier provides flexibility regarding the target language. To validate our approach and show that it scales to real-world protocols, we verify a substantial part of the official Go implementation of the WireGuard VPN key exchange protocol.

Cryptography and Security,Programming Languages

WANG Wei

DOI: https://doi.org/10.3969/j.issn.1671-0428.2011.10.011

IF: 5.105

2011-01-01

Computers & Security

Abstract:Formal method is a powerful tool of analysis and verification of security properties of security protocols.In this paper,based on the first-order theorem prover ProVerif researched deeply,we analyzed the simplified Authentication Protocol Needham-Schroeder by formal method.

Xiangyu Luo,Yan Chen,Ming Gu,Lijun Wu

DOI: https://doi.org/10.1109/nswctc.2009.384

2009-01-01

Abstract:Formal verification approaches can guarantee the correctness of security protocols. In this paper we take the well-known Needham-Schroeder public-key authentication protocol as an example, to show how we can apply the symbolic model checker for multiagent systems MCTK, which is developed by us, to the verification of security protocols. One temporal epistemic property is checked successfully both in the original version and the Lowe's revised version of the Needham-Schroeder protocol. The experimental result shows that our method is an effective way to the verification of security protocol.

xiao yinyin,su kaile,ma zhenyuan,hu ruo

DOI: https://doi.org/10.13245/j.hust.2013.07.015

2013-01-01

Abstract:The important properties of SET(secure electronic transaction)payment protocols were verified and improved by a knowledge reasoning method ISL(instantiation space logic)and its tool SPV(security protocol verifier).The method could verify the correctness of protocols in unbounded number of sessions compared with model checking method.By comparison with theorems or proved methods,the method was testified fully automatically.A model more closed to the original protocols was proposed by simplifying complex messages of protocols under the ISL and choosing the protocol steps rationally,without affecting the important security properties.The SPV formal description of the model and its properties(secrecy and authentication) was given,and the verification results and effectiveness were showed.The protocols were improved according to the unsatisfied epistemic specifications,and the improvement resolved the authentication problem between the cardholder and pay-gate in the protocols.

韩进,蔡圣闻,王崇峻,赖海光,谢俊元

2010-01-01

Journal of Computer Research and Development

Abstract:The security protocol model is the basis of the security protocol analysis and verification. Existing modeling methods have some shortcomings, such as high complexity, bad reusability, and so on. A typed π calculus-π(superscript t) calculus is presented in this paper, and its type rules and evaluation rules are also given. It is proved that π(superscript t) calculus is a safely typed system. π(superscript t) calculus can be used to build formal models of security protocols and their attackers. NRL protocol is taken for an example to show how to build a security protocol model based on π(superscript t) calculus. The attacker model for a security protocol is also presented in this paper. The action ability which the attacker model based on π(superscript t) calculus has is proved the same to the D-Y attacker model. So the correctness of the results which come from verifying the security protocol models based on π(superscript t) calculus is promised. The security protocol modeling approach based on π(superscript t) calculus can give more detailed description of the semantics of protocol data and the knowledge of participators. Compared with other kinds of methods, this method has better usability and high reusability and can provide more analysis support. The analysis result shows that the method can detect flaws of a security protocol in its modeling process.

Bruno Blanchet

DOI: https://doi.org/10.4204/EPTCS.373.2

2022-11-22

Abstract:ProVerif is a widely used security protocol verifier. Internally, ProVerif uses an abstract representation of the protocol by Horn clauses and a resolution algorithm on these clauses, in order to prove security properties of the protocol or to find attacks. In this paper, we present an overview of ProVerif and discuss some specificities of its resolution algorithm, related to the particular application domain and the particular clauses that ProVerif generates. This paper is a short summary that gives pointers to publications on ProVerif in which the reader will find more details.

Cryptography and Security

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Sergiu Bursuc,Christian Johansen,Shiwei Xu

DOI: https://doi.org/10.48550/arXiv.1701.08676

2017-01-30

Cryptography and Security

Abstract:Automated verification of security protocols based on dynamic root of trust, typically relying on protected hardware such as TPM, involves several challenges that we address in this paper. We model the semantics of trusted computing platforms (including CPU, TPM, OS, and other essential components) and of associated protocols in a classical process calculus accepted by ProVerif. As part of the formalization effort, we introduce new equational theories for representing TPM specific platform states and dynamically loaded programs. Formal models for such an extensive set of features cannot be readily handled by ProVerif, due especially to the search space generated by unbounded extensions of TPM registers. In this context we introduce a transformation of the TPM process, that simplifies the structure of the search space for automated verification, while preserving the security properties of interest. This allows to run ProVerif on our proposed models, so we can derive automatically security guarantees for protocols running in a dynamic root of trust context.

Linard Arquint,Malte Schwerhoff,Vaibhav Mehta,Peter Müller

DOI: https://doi.org/10.1145/3576915.3623105

2023-09-10

Abstract:Security protocols are essential building blocks of modern IT systems. Subtle flaws in their design or implementation may compromise the security of entire systems. It is, thus, important to prove the absence of such flaws through formal verification. Much existing work focuses on the verification of protocol *models*, which is not sufficient to show that their *implementations* are actually secure. Verification techniques for protocol implementations (e.g., via code generation or model extraction) typically impose severe restrictions on the used programming language and code design, which may lead to sub-optimal implementations. In this paper, we present a methodology for the modular verification of strong security properties directly on the level of the protocol implementations. Our methodology leverages state-of-the-art verification logics and tools to support a wide range of implementations and programming languages. We demonstrate its effectiveness by verifying memory safety and security of Go implementations of the Needham-Schroeder-Lowe, Diffie-Hellman key exchange, and WireGuard protocols, including forward secrecy and injective agreement for WireGuard. We also show that our methodology is agnostic to a particular language or program verifier with a prototype implementation for C.

Cryptography and Security,Programming Languages

Vincent Cheval,Steve Kremer,Itsaka Rakotonirina

DOI: https://doi.org/10.46298/theoretics.24.4

2024-03-12

Abstract:Automated verification has become an essential part in the security evaluation of cryptographic protocols. In this context privacy-type properties are often modelled by indistinguishability statements, expressed as behavioural equivalences in a process calculus. In this paper we contribute both to the theory and practice of this verification problem. We establish new complexity results for static equivalence, trace equivalence and labelled bisimilarity and provide a decision procedure for these equivalences in the case of a bounded number of protocol sessions. Our procedure is the first to decide trace equivalence and labelled bisimilarity exactly for a large variety of cryptographic primitives -- those that can be represented by a subterm convergent destructor rewrite system. We also implemented the procedure in a new tool, DeepSec. We showed through extensive experiments that it is significantly more efficient than other similar tools, while at the same time raises the scope of the protocols that can be analysed.

Cryptography and Security

Jakub Szefer,Tianwei Zhang,Ruby B. Lee

DOI: https://doi.org/10.48550/arXiv.1807.01854

2018-07-05

Abstract:We present a new and practical framework for security verification of secure architectures. Specifically, we break the verification task into external verification and internal verification. External verification considers the external protocols, i.e. interactions between users, compute servers, network entities, etc. Meanwhile, internal verification considers the interactions between hardware and software components within each server. This verification framework is general-purpose and can be applied to a stand-alone server, or a large-scale distributed system. We evaluate our verification method on the CloudMonatt and HyperWall architectures as examples.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Li Li,Jun Sun,Yang Liu,Meng Sun,Jin Song Dong

DOI: https://doi.org/10.1109/TSE.2017.2712621

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification techniques. Thus, we propose a comprehensive analysis framework to formally specify as well as automatically ...

R Pradeep,N.R Sunitha,V Ravi,Sushma Verma

DOI: https://doi.org/10.1109/icccnt45670.2019.8944623

2019-07-01

Abstract:Designing a perfect security protocol is a difficult task and requires a good effort and knowledge of Cryptography which is an art of secret writing. In order to achieve high reliability of security protocols, the testing technique is not suitable, because the testing technique has got many drawbacks. To achieve high reliability of security protocols, proving the correctness of security protocols is very much essential. To prove and verify the correctness of security protocols the Formal Verification technique is the best solution because it provides the mathematical proof for the correctness of security protocols. TACACS+ (Terminal Access Controller Access-Control System Plus) [6] is one the important security protocol used by most of the Cisco network communication devices to provide Authentication, Authorization, and Accountability (popularly known as AAA services) services to the host devices. In the proposed work, the TACACS+ security protocol is formally verified using the Model Checking technique. Using the Scyther [12] model checker the Confidentiality and Authentication security properties of TACACS+ security protocol is successfully verified.

Litao Zhou,Jianxing Qin,Qinshi Wang,Andrew W. Appel,Qinxiang Cao

2023-10-26

Abstract:Program verifiers for imperative languages such as C may be annotation-based, in which assertions and invariants are put into source files and then checked, or tactic-based, where proof scripts separate from programs are interactively developed in a proof assistant such as Coq. Annotation verifiers have been more automated and convenient, but some interactive verifiers have richer assertion languages and formal proofs of soundness. We present VST-A, an annotation verifier that uses the rich assertion language of VST, leverages the formal soundness proof of VST, but allows users to describe functional correctness proofs intuitively by inserting assertions. VST-A analyzes control flow graphs, decomposes every C function into control flow paths between assertions, and reduces program verification problems into corresponding straightline Hoare triples. Compared to existing foundational program verification tools like VST and Iris, in VST-A, such decompositions and reductions are allowed to be nonstructural, which makes VST-A more flexible to use. VST-A's decomposition and reduction is defined in Coq, proved sound in Coq, and computed in a call-by-value way in Coq. The soundness proof for reduction is totally logical, independent of the complicated semantic model (and soundness proof) of VST's Hoare triple. Because of the rich assertion language, not all reduced proof goals can be automatically checked, but the system allows users to prove residual proof goals using the full power of the Coq proof assistant.

Programming Languages

Yulun Wu,Bohua Zhan,Bican Xia

2024-03-20

Abstract:We present the design and implementation of a tool for semi-automatic verification of functional specifications of operating system modules. Such verification tasks are traditionally done in interactive theorem provers, where the functionalities of the module are specified at abstract and concrete levels using data such as structures, algebraic datatypes, arrays, maps and so on. In this work, we provide encodings to SMT for these commonly occurring data types. This allows verification conditions to be reduced into a form suitable for SMT solvers. The use of SMT solvers combined with a tactic language allows semi-automatic verification of the specification. We apply the tool to verify functional specification for key parts of the uC-OS/II operating system, based on earlier work giving full verification of the system in Coq. We demonstrate a large reduction in the amount of human effort due to increased level of automation.

Symbolic Computation,Logic in Computer Science