Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

Weiwen Xu,Xinda Lu

2003-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:This paper develops a way of verifying authentication protocols using model checking. Model checking has been proven to be a very useful technique for verifying hardware designs. By modeling circuits as finite-state machines, and exploring all possible execution traces, model checking can find a number of errors in real world designs. Like hardware designs, authentication protocols are very subtle, and can also have bugs which are difficult to find. Specially, this paper presents a simpler model for modeling and verifying authentication protocols, which not only adapts to the situation with multi-pairs of participants but also efficiently reduces the sizes of the state space and avoids states explosion problem mentioned in previous literatures. Also this paper implements the model using Model Checker Spin. Needham-Schroeder Public Key protocol and TMN protocol examples are illustrated to show how this framework is applied.

Guoqiang Li,Bochao Liu,Xin Li,Mizuhito Ogawa

2005-01-01

Abstract:Trace analysis, one of the formal methods to verify security protocols, represents every possible runs of the protocols as traces and analyzes whether any unsafe state is reachable. However, the number of states is inflnite because we assume the intruder can generate inflnite messages. In this paper, a typed process calculus inspired by the spi calculus is proposed to model the protocol and the security properties. Then based on the the type information, a parametric system with flnite states is generated and enjoys sound and complete simulation property of the former system.

Guoqiang Li,Mizuhito Ogawa

DOI: https://doi.org/10.1007/978-3-540-75596-8_36

2007-01-01

Abstract:A fair non-repudiation protocol should guarantee, (1) when a sender sends a message to a receiver, neither the sender nor the receiver can deny having participated in this communication; (2) no principals can obtain evidence while the other principals cannot do so. This paper extends the model in our previous work [12], and gives a sound and complete on-the-fly model checking method for fair non-repudiation protocols under the assumption of a bounded number of sessions. We also implement the method using Maude. Our experiments automatically detect flaws of several fair non-repudiation protocols.

Weiqiang Kong,Kazuhiro Ogata,Kokichi Futatsugi

2005-01-01

Abstract:We describe how to model-check observational transition systems, or OTSs with Maude. Maude is a specification and programming language based on rewriting logic. We describe how to write OTSs in Maude and how to model-check them with the Maude LTL model-checker. We demonstrate our method using a case study - model- checking a workflow system that deals with travel expense reimbursement. The main goal of our analysis is to check whether the existence of security consideration will prevent completion of the execution of the workflow.

Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1109/isorc.2012.28

2012-01-01

Abstract:This paper presents a lightweight verification technique, which is applicable to dependable real-time systems, provided that the (abstract) model and the (concrete) implementation of the system under test are given in advance. In addition to the usual quality assurance techniques at design time (e.g., formal verification) and at implementation time (e.g., testing), we provide a special form of model checking at run time. That is, we check the correctness of an actual system execution by means of exploring a partial model space covering the current execution trace. In doing so, concrete state information is observed from time to time while the system to be checked is running. This runtime information is used to guide model checking to reduce the model space to be explored. In this sense, we call this method online model checking. Since we do not directly check the execution trace itself, our online checking at model level is capable of checking a running system some steps ahead of the actual state of execution. In this paper, we describe online model checking as well as the underlying system architecture in general, explain the basic algorithm and its extension to improve performance, and provide experimental results.

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Xiangyu Luo,Yan Chen,Ming Gu,Lijun Wu

DOI: https://doi.org/10.1109/nswctc.2009.384

2009-01-01

Abstract:Formal verification approaches can guarantee the correctness of security protocols. In this paper we take the well-known Needham-Schroeder public-key authentication protocol as an example, to show how we can apply the symbolic model checker for multiagent systems MCTK, which is developed by us, to the verification of security protocols. One temporal epistemic property is checked successfully both in the original version and the Lowe's revised version of the Needham-Schroeder protocol. The experimental result shows that our method is an effective way to the verification of security protocol.

张玉清,吴建平,李星

DOI: https://doi.org/10.3969/j.issn.1002-137X.2001.08.012

2001-01-01

Abstract:Model checking can aid the design,analysis,and verification of the cryptographic protocols used over open networks and distributed systems. In this paper we give a survey of the state of model checking to the analysis of cryptographic protocols. We attempt to outline some of the major threads of research in this area ,and also to make a suggestion of future work. These conclusions will facilitate the development of using model checker for analysis of cryptographic protocols.

Sebastian Mödersheim,Luca Viganò

DOI: https://doi.org/10.1007/978-3-642-03829-7_6

2009-01-01

Abstract:We introduce the Open-source Fixed-point Model Checker OFMC for symbolic security protocol analysis, which extends the On-the-fly Model Checker (the previous OFMC). The native input language of OFMC is the AVISPA Intermediate Format IF. OFMC also supports AnB, a new Alice-and-Bob-style language that extends previous similar languages with support for algebraic properties of cryptographic operators and with a simple notation for different kinds of channels that can be used both as assumptions and as protocol goals. AnB specifications are automatically translated to IF.OFMC performs both protocol falsification and bounded session verification by exploring, in a demand-driven way, the transition system resulting from an IF specification. OFMC’s effectiveness is due to the integration of a number of symbolic, constraint-based techniques, which are correct and terminating. The two major techniques are the lazy intruder, which is a symbolic representation of the intruder, and constraint differentiation, which is a general search-reduction technique that integrates the lazy intruder with ideas from partial-order reduction. Moreover, OFMC allows one to analyze security protocols with respect to an algebraic theory of the employed cryptographic operators, which can be specified as part of the input. We also sketch the ongoing integration of fixed-point-based techniques for protocol verification for an unbounded number of sessions.

Michele Boreale,Maria Grazia Buscemi

DOI: https://doi.org/10.1016/j.tcs.2005.03.044

IF: 1.002

2005-06-01

Theoretical Computer Science

Abstract:In security protocols, message exchange between the intruder and honest participants induces a form of state explosion which makes protocol models infinite. We propose a general method for automatic analysis of security protocols based on the notion of frame, essentially a rewrite system plus a set of distinguished terms called messages. Frames are intended to model generic crypto-systems. Based on frames, we introduce a process language akin to Abadi and Fournet's applied pi. For this language, we define a symbolic operational semantics that relies on unification and provides finite and effective protocol models. Next, we give a method to carry out trace analysis directly on the symbolic model. We spell out a regularity condition on the underlying frame, which guarantees completeness of our method for the considered class of properties, including secrecy and various forms of authentication. We show how to instantiate our method to some of the most common crypto-systems, including shared- and public-key encryption, hashing and Diffie–Hellman key exchange.

computer science, theory & methods

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

You Li,Kaiyu Hou,Hai Zhou,Yan Chen

DOI: https://doi.org/10.1145/3405837.3411377

2020-01-01

Abstract:Model checking techniques can verify correctness properties by exhaustively traversing the state space of a formal model. A large number of works [1, 4, 5] done by networking researchers use model checking. Each of the works comes with one or more formal models, which constitutes a valuable asset for the networking security research community. Nevertheless, we find these works do not fully exploit the potentials of their models.

Qurat ul Ain Nizamani,Emilio Tuosto

DOI: https://doi.org/10.4204/EPTCS.7.5

2009-10-21

Abstract:Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks.

Cryptography and Security,Logic in Computer Science,Programming Languages

Massimo Benerecetti,Fausto Giunchiglia

DOI: https://doi.org/10.1007/3-540-45484-5_1

2000-01-01

Abstract:Model checking is a very successful technique which has been applied in the design and verification of finite state concurrent reactive processes. This technique can be lifted to be applicable to multiagent systems. Our approach allows us to reuse the technology and tools developed in model checking, to design and verify multiagent systems in a modular and incremental way, and also to have a very efficient model checking algorithm. The paper investigates the applicability of our multiagent model checking framework to the analysis of a relevant class of multiagent protocols, namely security protocols.

Daniela Lepri,Peter Csaba Ölveczky,Erika Ábrahám

DOI: https://doi.org/10.4204/EPTCS.36.7

2010-09-22

Abstract:This paper presents a transformational approach for model checking two important classes of metric temporal logic (MTL) properties, namely, bounded response and minimum separation, for nonhierarchical object-oriented Real-Time Maude specifications. We prove the correctness of our model checking algorithms, which terminate under reasonable non-Zeno-ness assumptions when the reachable state space is finite. These new model checking features have been integrated into Real-Time Maude, and are used to analyze a network of medical devices and a 4-way traffic intersection system.

Logic in Computer Science

Kevin Morio,Robert Künnemann

DOI: https://doi.org/10.1145/3658644.3690197

2024-09-05

Abstract:There exists a verification gap between formal protocol specifications and their actual implementations, which this work aims to bridge via monitoring for compliance to the formal specification. We instrument the networking and cryptographic library the application uses to obtain a stream of events. This is possible even without source code access. We then use an efficient algorithm to match these observations to traces that are valid in the specification model. In contrast to prior work, our algorithm can handle non-determinism and thus, multiple sessions. It also achieves a low overhead, which we demonstrate on the WireGuard reference implementation and a case study from prior work. We find that the reference Tamarin model for WireGuard can be used with little change: We only need to specify wire formats and correct some small inaccuracies that we discovered while conducting the case study. We also provide a soundness result for our algorithm that ensures it accepts only event streams that are valid according to the specification model.

Cryptography and Security

刘锋,李舟军,李梦君,宋震,张艳

DOI: https://doi.org/10.3969/j.issn.1007-130x.2004.02.009

2004-01-01

Abstract:SMV is a symbolic model checking tool based on linear temporal logic. In this paper we verify the Needham-Schroeder protocol by SMV, and finally find out an attack sequence which is achieved by replaying messages.

LI Xiehua,YANG Shutang,LI Jianhua,ZHU Hongwen

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.13.001

2007-01-01

Abstract:This paper proposes a new checking model based on the authentication tests for security protocol analysis.With the model,each component of the ciphertext is verified to determine its originator,so that the replayed attack can be detected in time.The combination of the check model and authentication tests can overcome the deficiency of the original authentication tests in detecting message replay attacks.The proof of neuman-stubblebine protocol shows that the checking model can detect the type flaw attack efficiently,while the original authentication tests cannot.

Sabina Szymoniak,Olga Siedlecka-Lamch,Mirosław Kurkowski

DOI: https://doi.org/10.1007/978-3-319-92459-5_28

IF: 5.493

2018-01-01

Computer Networks

Abstract:In many verification approaches for security protocols analysis time aspects are omitted. According to this in our work we try to show how these problems are important in this area. To do this we present new ideas as well as methods for calculating and checking several types of time parameters that characterize some time aspects during and after the protocol’s execution. As an example we present the timed analysis in the case of the timed version of the well known the NSPKL protocol (Needham Schroeder Public Key Protocol revised by Lowe). The experimental results obtained using a proprietary tool are also shown. Using this, during the running of the protocol, the “presence” of the Intruder can be followed by observing incorrect time of the protocol execution. As we will see, both those too short and too long allows this.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture