Chao-jing TANG,Zhi-yong LU,Chao FENG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.06.022

2014-01-01

Abstract:This paper proposes a logic for verifying security protocols in the computational model ,which can describe the computation and communication actions precisely .We present a cryptographically sound proof system on the logic and can formalize the various security properties for encryption algorithms directly .During the research ,several unsoundness of the formalization with the computational protocol compositional logic in prior work is discovered ,and corresponding solutions are proposed .By proving the security properties for the Needham-Schroeder-Lowe protocol ,the power of the logic is demonstrated .Being different from most of the current verification approaches ,this logic reasons about the security of protocols from the security of cryptographic algorithms forwardly ,and is both easy to use and cryptographically sound .

LIU Ying-jie,YAO Zheng-an

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.23.057

2007-01-01

Abstract:This paper presents a new logic which can be used to analyze security protocols.There is no necessity to idealize protocols when analyzing authentication protocols,which can avoid analysis errors caused by informal idealization.The new logic can be used to analyze accountability and fairness in electronic commerce protocols including the real-world protocols.The process of analyzing protocols is concise and can be implemented automatically.

Michael Burrows,Martin Abadi,Roger Needham

DOI: https://doi.org/10.1145/77648.77649

1990-02-01

ACM Transactions on Computer Systems

Abstract:Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication. We have been able to explain a variety of authentication protocols formally, to discover subtleties and errors in them, and to suggest improvements. In this paper we present the logic and then give the results of our analysis of four published protocols, chosen either because of their practical importance or because they serve to illustrate our method.

computer science, theory & methods

M Benerecetti,F Giunchiglia

DOI: https://doi.org/10.1007/978-0-387-35533-7_25

2000-01-01

Abstract:In this paper we show how model checking can be used for the verification of security protocols using a logic of belief. We model principals as processes able to have beliefs. The idea underlying the approach is to treat separately the temporal evolution and the belief aspects of principals. Therefore, when we consider the temporal evolution, belief formulae are treated as atomic propositions; while the fact that principal A has beliefs about another principal B is modeled as the fact that A has access to a representation of B as a process. As a motivating example, we use the framework proposed to formalize the Andrew protocol.

Luo JunZhou,Yang Ming

DOI: https://doi.org/10.1007/s11432-007-0015-8

2007-01-01

Science in China Series F Information Sciences

Abstract:Security protocol is specified as the procedure of challenge-response, which uses applied cryptography to confirm the existence of other principals and fulfill some data negotiation such as session keys. Most of the existing analysis methods, which either adopt theorem proving techniques such as state exploration or logic reasoning techniques such as authentication logic, face the conflicts between analysis power and operability. To solve the problem, a new efficient method is proposed that provides SSM semantics-based definition of secrecy and authentication goals and applies authentication logic as fundamental analysis techniques, in which secrecy analysis is split into two parts: Explicit-information-Leakage and Implicit-Information-Leakage, and correspondence analysis is concluded as the analysis of the existence relationship of Strands and the agreement of Strand parameters. This new method owns both the power of the Strand Space Model and concision of authentication logic.

Yongjian Li,Hongjian Jiang,Yongxin Zhao

DOI: https://doi.org/10.1007/978-3-031-64626-3_18

2024-01-01

Abstract:Security protocols are essential to ensure privacy, integrity, and authentication. However, to guarantee the security objectives of a protocol, formal tools are necessary. Currently, existing formal tools employ specific input languages to model protocols. Typically, protocols are presented in strand space specification format in textbooks, which depict the messages shared among trusted communication participants during a correct protocol operation. Strand space specifications prioritize conciseness and readability over formal preciseness, and their formal semantics are only considered and clarified in specific contexts. Therefore, a gap exists between strand space specifications and the modelling languages of formal tools. To address this issue, we propose a verified security scheme with the operational semantics of strand space. We successfully tested our framework on several typical protocol benchmarks using the model checker Murphi and identified potential attacks on them. In summary, our framework offers an innovative and comprehensible scheme for model checking security protocols.

Y Lee,XY Chen,XQ Tong,JZ Luo

DOI: https://doi.org/10.1109/tencon.2002.1181249

2002-01-01

Abstract:The security of communication protocols needs to be considered in a distributed network system, and the formal analysis is one of most important methods in evaluating the security of a protocol. However there is a lack of effective formal analysis tools in analyzing the security of a protocol. In this paper we raise a formal logic used for analyzing security of a protocol, the Select Accept Dynamic Logic. and describe successfully the attack act to the communication protocols - the TMN (Tatebayashi et al. (1990)) protocol and the Needham-Schroeder (1978) protocol - with this logic. The Select Accept Dynamic Logic will provide a new effective tool for the analysis of protocols.

Joshua Guttman

DOI: https://doi.org/10.4204/EPTCS.8.5

2009-11-11

Abstract:A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi). Models (interpretations) for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. Realized skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1) If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2) A protocol enforces for all xs . (phi implies for some ys . psi) iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007) to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

Cryptography and Security,Logic in Computer Science

Meng-Jun LI,Zhou-Jun LI,Huo-Wang CHEN

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.09.022

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Based on analyzing and pointing out the limitations for constructing counter-examples of the security protocol's Horn logic model and its verification method proposed by Bruno Blanchet and Martin Abadi, the security protocol's extended Horn logic model and the modified-version verification method are presented such that the counter-examples are able to be constructed from them automatically. In the authors' verifier SPVT developed based on the functional programming language Objective Caml, these algorithms are implemented and their correctness are proved.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

Chen-Xiao MAO,Wen-Jian LUO,Xu-Fa WANG

DOI: https://doi.org/10.3321/j.issn:0254-4164.2007.06.006

2007-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:In the field of security protocol formal verification, it is a new challenge to analyze security protocol guessing attacks. CKT5 logic, used as the base, is significantly extended in several aspects. Both public key cryptography and Vernam encryption are added to symmetric key cryptography of the original logic, which makes it more powerful in expressing security protocols. Perfect encryption hypothesis is not obeyed any more, and a series of definitions and rules are given to allow principals to guess and verify passwords. Theorems and lemmas given in this paper can describe features of on-line guessing attacks, and simplify the analysis procedure of guessing attacks. The extended logic can be used to analyze guessing attacks on security protocols including on-line guessing attacks.

MY Mao,ZC Chen,HC He

DOI: https://doi.org/10.1109/icmlc.2005.1527381

2005-01-01

Abstract:In these years, universal logic has developed greatly. As a kind of concrete universal logic, authentic logic is used to analyze the security of cryptographic protocols. This paper firstly puts forward relational conceptions and gives the structure's expression of object-oriented universal logic. Then authors analyze the logic structure's expression of authentic logic with the example: BAN logic. Using the conceptions of general correlation and general self-correlation, authors discuss the applicability and correlation of authentic logic. This work can contribute to perfecting authentic logic in artificial intelligence reasoning, and offering a new expression way of universal logic.

Shafi Goldwasser,Silvio Micali,Andrew Chi-chih Yao

DOI: https://doi.org/10.1007/978-1-4757-0602-4_20

1982-01-01

Abstract:The design of cryptographic protocols using trapdoor and one-way functions has received considerable attention in the past few years [1–8]. More recently, attention has been paid to provide rigorous correctness proofs based on simple mathematical assumptions, for example, in coin flipping (Blum [1]), mental poker (Goldwasser and Micali [4]). It is perhaps reasonable to speculate at this time that all cryptographic protocols can eventually be designed to be provably secure under simple assumptions, such as factoring large numbers or inverting RSA functions are computationally intractable in the appropriate sense.

毛中全,刘楠,顾纯祥,祝跃飞

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.13.054

2008-01-01

Abstract:This paper proposes a formal model based on state transition system. Dolev-Yao intruder model are assumed, and based on state transition system, message and event are semantically encoded, protocol rule are defined by rewrite relation, and security properties are descripted by event set. It proposes inspection strategy for security properties. The model can give accurate formal specifications for security protocols, and is easy to realize automatic analysis.

Li Li,Jun Sun,Yang Liu,Meng Sun,Jin Song Dong

DOI: https://doi.org/10.1109/TSE.2017.2712621

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification techniques. Thus, we propose a comprehensive analysis framework to formally specify as well as automatically ...

Yan Xiong,Cheng Su,Wenchao Huang,Fuyou Miao,Wansen Wang,Hengyi Ouyang

DOI: https://doi.org/10.48550/arxiv.1807.00669

2018-01-01

Abstract:Current formal approaches have been successfully used to find design flaws in many security protocols. However, it is still challenging to automatically analyze protocols due to their large or infinite state spaces. In this paper, we propose a novel framework that can automatically verifying security protocols without any human intervention. Experimental results show that SmartVerif automatically verifies security protocols that cannot be automatically verified by existing approaches. The case study also validates the effectiveness of our dynamic strategy.

宋震,张艳,李舟军,陈火旺

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.08.007

2003-01-01

Computer Science

Abstract:Security protocols use cryptography system to complete the tasks of principal identity authentication andseccion key distribution. The correctness of security protocols is of vital importance to ensure the security of the Inter-net application. Formal methods have been proved to be a valid approach to analyze and verify security protocols. Thispaper briefly introduces the three main styles in the field of security protocol analysis and their representative work.After that,it points out the future deveopment direction.

Bruno Montalto

DOI: https://doi.org/10.3929/ethz-a-010349801

Abstract:Security protocols are distributed programs designed to ensure secure communication in a network controlled by an adversary. They are widely used today for securing on-line services such as personal communication and electronic voting. Their design is notoriously error-prone, and a great deal of research has been devoted to their analysis. In this thesis we provide two main contributions towards the automated analysis of such protocols: algorithms for the symbolic analysis of equivalence properties, and a symbolic probabilistic framework for security protocol analysis. We consider the problem of verifying two equivalence properties relevant in protocol analysis: static equivalence and trace equivalence. Both notions model the property that an attacker cannot distinguish between two protocol executions, and they have been used to model security goals such as off-line guessing, electronic voting anonymity, and RFID untraceability. Static equivalence is concerned with an attacker who passively eavesdrop on a network and then tries to distinguish between possible executions by performing off-line computations. Trace equivalence is used in the analysis of security properties against an attacker who may participate actively in protocol execution. We present an efficient decision procedure for static equivalence under equational theories generated by subterm convergent rewriting systems. This class of theories encompasses the most common cryptographic primitives, including symmetric and asymmetric encryption and decryption, hash functions and digital signatures. Our algorithm achieves a better asymptotic complexity than competing algorithms, albeit with a narrower scope. We discuss its implementation in the FAST tool and show that it indeed performs much more efficiently than other existing tools for the same task. We also present a procedure for deciding the trace equivalence of bounded simple processes under equational theories generated by convergent rewriting systems and for which a finitary unification algorithm exists. Although we do not have a termination result, our procedure is correct for the largest class of equational theories handled by any existing procedure for deciding trace equivalence and, together with the work by Cheval et. al [64], it is the only one to handle non-trivial else branches. Finally, we introduce a symbolic probabilistic framework for the analysis of security protocols. Our framework provides a general method for expressing weak-

Computer Science

Yu Dong

2003-01-01

Abstract:Rapid development of networks and communications make security a more crucial problem. To provide security for different systems many communication security protocols are proposed.In this paper,illustrate the formal verific ation requirement for security protocols, also describe several formal verification techniques and set forth the relative merit of each in detail.And the challenges with which formal verification techniques faced are discussed .The researches on these aspects and directions of development are presented.

Tingyuan Li,Xiaodong Liu,Zhiguang Qin,Xuanfang Zhang

DOI: https://doi.org/10.1109/DBTA.2009.26

2009-01-01

Abstract:BAN logic can prove whether a protocol can reach expected target and find some flaws in the protocol. The paper analyzed constitute of BAN logic and analysis steps. On the basis of the above work, BAN logic was used to construct an ideal model of the Otway-Rees protocol and the security of the protocol was analyzed with the initial hypothesis and the logic postulate. The paper also pointed out various kinds of demerit of BAN logic and discussed some possible improvement.