XU Dong-Hong,QI Yong,HOU Di

DOI: https://doi.org/10.3969/j.issn.1002-137X.2007.10.018

2007-01-01

Computer Science

Abstract:Under the situations of effective approach being lack to evaluate the security properties of security protocols, an approach is proposed to construct the security protocol based on SPI calculus or similar process algebra in this pa- per.Applying this approach,the formal description of security protocol can be described effectively,furthermore,the SPI calculus can be implemented.However,there is no any traces to illustrate how to find or design an adapted tool to authenticate the correction of the security properties of the security protocol.In this paper we introduce SPRITE, SPRITE is a tool based on SPI calculus that can guarantee whether is the model and process describing right or not,and design the concrete ways to implement the reflection from abstract SPI calculus to concrete Java code.The approach is illustrated by a typed one way authentication protocol WOO-LAM security protocol.The authentication tool SPRITE generate concrete Java code that can be simple and concrete to describe the security property.It is more adapt to man- kind's understand not just to adapt computer interpretation.

Ge Yi,Huang Wenchao,Xiong Yan

DOI: https://doi.org/10.19734/j.issn.1001-3695.2022.08.0446

2023-01-01

Abstract:With the development of formal analysis technology of security protocols, automatic verification using tools has been realized, but modeling still needs to rely on manual modeling by professionals, which is difficult and costly and limits the further spread of formal analysis technology.In order to improve the automation of formal modeling, this paper proposed a scheme of formal assistant modeling based on security protocol code.Firstly, the method used taint analysis to obtain communication processes and record the cryptographic primitive operations.Then, it constructed the protocol communication state machine according to the sequential relationship between communication processes.Finally, it generated a formal model according to the syntax of Tamarin, a mainstream formal analysis tool for security protocols.Experimental results show that this scheme can gene-rate the key parts of the formal model and improves the degree of automation of the formal modeling, which contributes to the spread of formal analysis technology.

Fusheng Wu,Jinhui Liu,Yanbin Li,Mingtao Ni

DOI: https://doi.org/10.1049/2024/2634744

2024-06-14

IET Information Security

Abstract:The π‐calculus is a basic theory of mobile communication based on the notion of interaction, which, is aimed at analyzing and modeling the behaviors of communication processes in communicating and mobile systems, and is widely applied to the security analysis of cryptographic protocol's design and implementation. But the π‐calculus does not provide seamless logical security analysis, so the logical flaws in the design and the implementation of a cryptographic protocol cannot be discovered in time. This paper introduces logical rules and logical proofs, binary tree, and the KMP algorithm and proposes a new extension of the π‐calculus theory, a logical security analysis method, and an algorithm. The aim is to analyze whether there are logical flaws in the design and the implementation of a cryptographic protocol, to ensure the security of the cryptographic protocol when it is encoded into software and implemented. This paper presents the logical security proof and analysis of the TLS1.3 protocol's interactional implementation process. Empirical results show that the additional extension theory, the logical security analysis method, and the algorithm can effectively analyze whether there are logical flaws in the design and the implementation of a cryptographic protocol.

computer science, information systems, theory & methods

Guoqiang Li,Bochao Liu,Xin Li,Mizuhito Ogawa

2005-01-01

Abstract:Trace analysis, one of the formal methods to verify security protocols, represents every possible runs of the protocols as traces and analyzes whether any unsafe state is reachable. However, the number of states is inflnite because we assume the intruder can generate inflnite messages. In this paper, a typed process calculus inspired by the spi calculus is proposed to model the protocol and the security properties. Then based on the the type information, a parametric system with flnite states is generated and enjoys sound and complete simulation property of the former system.

Yong-Gen GU,Yu-Xi FU,Han ZHU

DOI: https://doi.org/10.3321/j.issn:0254-4164.2007.02.012

2007-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:The analysis and verification of security protocols are very important techniques to guarantee the security properties and the application requirements. Formal methods and automated tools are both necessary and efficient for these purposes. Security protocols are typical distributed concurrent systems, while process calculus is a powerful tool to model distributed concurrent systems. With strong ability of description and formal semantics, process calculus can precisely characterize the interaction between different participants of a security protocol. However, it inherently lack support of data structure. So the authors add a message inference system into process calculus. In this paper, a formal model is proposed for the secrecy analysis of security protocols based on process calculus with message inference. Using this model, the authors define two concepts: one-step reachability and multi-step reachability. Secrecy property can be formally defined and analyzed based on these reachability relations. By a case of study, the authors analyze the TMN protocol in the model. At last, the future direction to perfect the model is pointed.

YG Gu,YX Fu,GQ Li

DOI: https://doi.org/10.1109/pdcat.2005.48

2005-01-01

Abstract:The spi calculus has been proved useful for reasoning about security protocols. It is however difficult to mechanize the equivalence checking in that framework due to the complexity caused by name passing communications. The paper proposes a calculus for the analysis of the security protocols (SPC for short) as a simplification of the spi calculus. SPC can explicitly express environment knowledge, protocol participants and their knowledge. We present its syntax and semantics, and specify some security properties in terms of equivalence relations. Finally two examples of formal verification is given.

Zhitang Li,Yunfeng Xie,Weiming Li

DOI: https://doi.org/10.1117/12.689087

2006-01-01

Abstract:The design of security protocols is difficult and extremely complicated. In this paper, we presents a framework for modeling security protocol, UML extension for security protocol (USP), which makes it possible to the development of security protocols in an intuitive and visual way. For further security analysis of USP model, we refer to a precisely defined semantics of behavioral aspects. The formal semantics of a simplified fragment of UML builds on dynamic semantics of UML State Machines. As a case study, Denning-Sacco protocol will be described with USP. Moreover, the security protocol described with USP can be converted to an implementation or connected with existing formal analysis framework if appropriate converter tools are available.

Fusheng Wu,Jinhui Liu,Yanbing Li,Mingtao Ni

2023-11-01

Abstract:The pi calculus is a basic theory of mobile communication based on the notion of interaction, which, aimed at analyzing and modelling the behaviors of communication process in communicating and mobile systems, is widely applied to the security analysis of cryptographic protocol's design and implementation. But the pi calculus does not provide perfect logic security analysis, so the logic flaws in the design and the implementation of a cryptographic protocol can not be discovered in time. The aim is to analyze whether there are logic flaws in the design and the implementation of a cryptographic protocol, so as to ensure the security of the cryptographic protocol when it is encoded into a software and implemented. This paper introduces logic rules and proofs, binary tree and the KMP algorithm, and proposes a new extension the pi calculus theory, a logic security analysis framework and an algorithm. This paper presents the logic security proof and analysis of TLS1.3 protocol's interactional implementation process. Empirical results show that the new extension theory, the logic security analysis framework and the algorithm can effectively analyze whether there are logic flaws in the design and the implementation of a cryptographic protocol. The security of cryptographic protocols depends not only on cryptographic primitives, but also on the coding of cryptographic protocols and the environment in which they are implemented. The security analysis framework of cryptographic protocol implementation proposed in this paper can ensure the security of protocol implementation.

Cryptography and Security,Logic in Computer Science

Xin-xin Liu,Shao-hua Tang

DOI: https://doi.org/10.3969/j.issn.1000-565X.2013.01.012

2013-01-01

Abstract:In order to implement the formal analysis and verification of the security for automated trust negotiation (ATN), this paper takes the formal analysis methods of security protocols as references and proposes a novel approach to ATN modeling and security verification with the help of the process algebra applied π calculus. In this approach, ATN is formalized as the parallel composition of two processes corresponding to two negotiators, and the process of a negotiator is the static modeling of its certificates and authorization policies. The ATN security is defined as the observational equivalence of the applied π calculus so as to verify not only the security of the authorization policy enforcement but also the privacy of negotiators. With the help of the automatic protocol analyzer ProVerif, the security of ATN is automatically analyzed. Experimental results show that the proposed approach helps to implement automatic security verification with high feasibility and efficiency.

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Joshua Guttman

DOI: https://doi.org/10.4204/EPTCS.8.5

2009-11-11

Abstract:A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi). Models (interpretations) for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. Realized skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1) If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2) A protocol enforces for all xs . (phi implies for some ys . psi) iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007) to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

Cryptography and Security,Logic in Computer Science

Yonggen Gu,Yuxi Fu,Yang Li,Xiaoju Dong

DOI: https://doi.org/10.1109/CIT.2005.12

2005-01-01

Abstract:Formal methods have proved useful in the analysis of security protocols. In this paper, we propose a generic model for symbolic analyzing security protocols (GSPM for short) that supports message passing semantics and constructs for modelling the behavior of protocol participants. GSPM is simple, but it is expressive enough to express security protocols and properties in a precise and faithful manner. In order to address that the execution of a protocol generates infinitely many paths, we use symbolic method. Based on GSPM, it is shown how security properties such as confidentiality, authentication, non-repudiation, fairness and anonymity can be described.

CHEN Qiang,HUANG Lian-sheng,ZHAO Xiu-wen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.06.033

2006-01-01

Abstract:This paper presents a combined analysis method for security protocols.By specifying security protocols using Common Authentication Protocol Specification Language,then convert CAPSL specification into formal inputs for other analysis tools by connector.This method can utilize the advantage of various analysis tools and ensure the accuracy of formal analysis.Meanwhile,it is convenient for analyzer.We design two CAPSL connector and give an instance.

Yonggen Gu,Yuxi Fu,Farong Zhong,Han Zhu

DOI: https://doi.org/10.1007/11560326_9

2005-01-01

Abstract:Formal methods have proved useful in the analysis of security protocols. The paper proposes a generic model for the analysis of the security protocols (GSPM for short) that supports message passing semantics and constructs for modelling the behavior of agents. GSPM is simple, but it is expressive enough to express security protocols and properties in a precise and faithful manner. Using GSPM it is shown how security properties such as confidentiality, authentication, non-repudiation, fairness, and anonymity can be described. Finally an example of formal verification is illustrated.

Martín Abadi,Bruno Blanchet,Cédric Fournet

DOI: https://doi.org/10.48550/arXiv.1609.03003

2017-07-29

Abstract:We study the interaction of the programming construct "new", which generates statically scoped names, with communication via messages on channels. This interaction is crucial in security protocols, which are the main motivating examples for our work, it also appears in other programming-language contexts. We define the applied pi calculus, a simple, general extension of the pi calculus in which values can be formed from names via the application of built-in functions, subject to equations, and be sent as messages. (In contrast, the pure pi calculus lacks built-in functions, its only messages are atomic names.) We develop semantics and proof techniques for this extended language and apply them in reasoning about security protocols. This paper essentially subsumes the conference paper that introduced the applied pi calculus in 2001. It fills gaps, incorporates improvements, and further explains and studies the applied pi calculus. Since 2001, the applied pi calculus has been the basis for much further work, described in many research publications and sometimes embodied in useful software, such as the tool ProVerif, which relies on the applied pi calculus to support the specification and automatic analysis of security protocols. Although this paper does not aim to be a complete review of the subject, it benefits from that further work and provides better foundations for some of it. In particular, the applied pi calculus has evolved through its implementation in ProVerif, and the present definition reflects that evolution.

Cryptography and Security,Logic in Computer Science

Qian Zhang,Ying Jiang,Liping Ding

DOI: https://doi.org/10.48550/arXiv.1507.06769

2015-07-24

Cryptography and Security

Abstract:In this work, we propose a probabilistic value-passing CCS (Calculus of Communicating System) approach to model and analyze a typical network security scenario with one attacker and one defender. By minimizing this model with respect to probabilistic bisimulation and abstracting it through graph-theoretic methods, two algorithms based on backward induction are designed to compute Nash Equilibrium strategy and Social Optimal strategy respectively. For each algorithm, the correctness is proved and an implementation is realized. Finally, this approach is illustrated by a detailed case study.

Yonggen Gu,Guoqiang Li,Yuxi Fu

DOI: https://doi.org/10.1007/978-3-540-30497-5_136

2004-01-01

Abstract:The security for electronic payments is very important in electronic commerce. Many electronic payment protocols have been proposed recently to meet the security requirements. Since the design of a protocol is a difficult and error-prone task, the use of formal methods that allow for the verification of such protocols has received increasing attention. In this paper we take a look at the iKP from the point of view of the applied pi calculus. The iKP is described in the calculus and some security properties, mainly the authentication and anonymity properties, are verified.

Weilin CHEN,Hao ZHOU,Baohua ZHAO

DOI: https://doi.org/10.3321/j.issn:0253-987X.2008.12.010

2008-01-01

Abstract:Considering the data flow description in protocol security testing, mutation analysis is introduced based on constructed type algebra, and a new protocol security testing method is proposed. Mutant operators are designed based on protocol specification, security mutation formulas are generated from existing conformance testing expressions, and then practical security testing cases are transformed from these formulas. The steps of protocol security testing using the method are described. The method is well integrated with conformance testing to cover some known protocol security vulnerabilities, and has the ability to reveal potential problems.

Qin Li,Qingkai Zeng

DOI: https://doi.org/10.1109/nss.2009.12

2009-01-01

Abstract:We present a calculus of concurrent objects for specification and security analysis of ad hoc security protocols. The communicating nodes and the network are modeled by objects, while the interactions between them are modeled by asynchronous method invocations. The internal state of an object is represented by a constant method which can be overridden. The approach is complemented by a control flow analysis which can be used to automatically check properties such as security routing. The attacker model is integrated into the analysis as set values containing the knowledge of the attacker.

Li Zhou,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1109/icstw.2011.18

2011-01-01

Abstract:Protocol security testing is an important technique to ensure the security of communication protocols. However, methods considering both effective detection to specification vulnerabilities and efficient testing on protocol implementations are not well developed. In this paper, we present a general method for protocol security testing including protocol verification with SPIN model checker and protocol testing with formal testing language TTCN-3. We use threat model to model malicious entities and import the classification of information security to achieve a complete analysis of security requirements for protocol verification. We also develop a SPIN Trail to TTCN-3(st2ttcn) conversion tool to generate test cases automatically from counter examples obtained from model checking. As a case study, we apply our approach to the security testing of Source Address Validation Improvements (SAVI) protocol. We test two versions of SAVI-DHCP protocol. Security vulnerabilities have been found and tested in corresponding implementations.