Skip to main content
SpringerLink
Log in

A Hybrid Analysis for Security Protocols with State

  • Conference paper
Book cover Integrated Formal Methods (IFM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 8739))

Included in the following conference series:

Abstract

Cryptographic protocols rely on message-passing to coordinate activity among principals. Many richly developed tools, based on well-understood foundations, are available for the design and analysis of pure message-passing protocols. However, in many protocols, a principal uses non-local, mutable state to coordinate its local sessions. Crosssession state poses difficulties for protocol analysis tools.

We provide a framework for modeling stateful protocols, and a hybrid analysis method. We leverage theorem-proving—specifically, PVS—for reasoning about computations over state. An “enrich-by-need” approach—embodied by CPSA—focuses on the message-passing part. The Envelope Protocol, due to Mark Ryan furnishes a case study.

This work partially supported by the US National Security Agency, and partially supported by the National Science Foundation under grant CNS-1116557.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Blanchet, B.: Analyzing security protocols with secrecy types and logic programs. Journal of the ACM 52(1), 102–146 (2005)

    Article  MATH  MathSciNet  Google Scholar 

  2. Ables, K., Ryan, M.D.: Escrowed data and the digital envelope. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 246–256. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  3. Arapinis, M., Ritter, E., Ryan, M.D.: Statverif: Verification of stateful processes. In: Computer Security Foundations Symposium (CSF), pp. 33–47. IEEE (2011)

    Google Scholar 

  4. Blanchet, B.: An efficient protocol verifier based on Prolog rules. In: 14th Computer Security Foundations Workshop, pp. 82–96. IEEE CS Press (June 2001)

    Google Scholar 

  5. Cortier, V., Keighren, G., Steel, G.: Automatic analysis of the security of XOR-based key management schemes. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 538–552. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  6. Cortier, V., Steel, G.: A generic security API for symmetric key management on cryptographic devices. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 605–620. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Cremers, C., Mauw, S.: Operational semantics and verification of security protocols. Springer (2012)

    Google Scholar 

  8. Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: A derivation system and compositional logic for security protocols. Journal of Computer Security 13(3), 423–482 (2005)

    Google Scholar 

  9. Datta, A., Franklin, J., Garg, D., Kaynar, D.: A logic of secure systems and its application to trusted computing. In: 30th IEEE Symposium on Security and Privacy, pp. 221–236. IEEE (2009)

    Google Scholar 

  10. Delaune, S., Kremer, S., Ryan, M.D., Steel, G.: A formal analysis of authentication in the TPM. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 111–125. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  11. Delaune, S., Kremer, S., Ryan, M.D., Steel, G.: Formal analysis of protocols based on TPM state registers. In: IEEE Symposium on Computer Security Foundations. IEEE CS Press (June 2011)

    Google Scholar 

  12. Fröschle, S., Sommer, N.: Reasoning with past to prove PKCS#11 keys secure. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 96–110. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  13. Gürgens, S., Rudolph, C., Scheuermann, D., Atts, M., Plaga, R.: Security evaluation of scenarios based on the TCG’s TPM specification. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 438–453. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Guttman, J.D.: State and progress in strand spaces: Proving fair exchange. Journal of Automated Reasoning 48(2), 159–195 (2012)

    Article  MATH  MathSciNet  Google Scholar 

  15. Guttman, J.D.: Establishing and preserving protocol security goals. Journal of Computer Security (2014)

    Google Scholar 

  16. Herzog, J.: Applying protocol analysis to security device interfaces. IEEE Security & Privacy 4(4), 84–87 (2006)

    Article  Google Scholar 

  17. Jacobs, B., Hasuo, I.: Semantics and logic for security protocols. Journal of Computer Security 17(6), 909–944 (2009)

    Google Scholar 

  18. Liskov, M.D., Rowe, P.D., Thayer, F.J.: Completeness of CPSA. Technical Report MTR110479, The MITRE Corporation (March 2011), http://www.mitre.org/publications/technical-papers/completeness-of-cpsa

  19. Meier, S., Cremers, C., Basin, D.: Efficient construction of machine-checked symbolic protocol security proofs. Journal of Computer Security 21(1), 41–87 (2013)

    Google Scholar 

  20. Mödersheim, S.: Abstraction by set-membership: verifying security protocols and web services with databases. In: ACM Conference on Computer and Communications Security, pp. 351–360 (2010)

    Google Scholar 

  21. Owre, S., Rushby, J.M., Shankar, N.: PVS: A prototype verification system. In Deepak Kapur, editor, 11th International Conference on Automated Deduction (CADE). In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992), http://pvs.csl.sri.com

    Google Scholar 

  22. Ramsdell, J.D.: Deducing security goals from shape analysis sentences. The MITRE Corporation (April 2012), http://arxiv.org/abs/1204.0480

  23. Ramsdell, J.D.: Proving security goals with shape analysis sentences. Technical Report MTR130488, The MITRE Corporation (September 2013), http://arxiv.org/abs/1403.3563

  24. Ramsdell, J.D., Guttman, J.D.: CPSA: A cryptographic protocol shapes analyzer (2009), http://hackage.haskell.org/package/cpsa

  25. Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Proving security protocols correct. Journal of Computer Security 7(2/3), 191–230 (1999)

    Google Scholar 

  26. Youn, P., Adida, B., Bond, M., Clulow, J., Herzog, J., Lin, A., Rivest, R., Anderson, R.: Robbing the bank with a theorem prover. In: Security Protocols Workshop (2007), http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-644.pdf

Download references

Author information

Authors and Affiliations

  1. The MITRE Corporation and Worcester Polytechnic Institute, Worcester, USA

    John D. Ramsdell, Daniel J. Dougherty, Joshua D. Guttman & Paul D. Rowe

Authors
  1. John D. Ramsdell
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel J. Dougherty
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joshua D. Guttman
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Paul D. Rowe
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to John D. Ramsdell .

Editor information

Editors and Affiliations

  1. Complutense University of Madrid, Madrid, Spain

    Elvira Albert

  2. McMaster University, Hamilton, Ontario, Canada

    Emil Sekerinski

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Ramsdell, J.D., Dougherty, D.J., Guttman, J.D., Rowe, P.D. (2014). A Hybrid Analysis for Security Protocols with State. In: Albert, E., Sekerinski, E. (eds) Integrated Formal Methods. IFM 2014. Lecture Notes in Computer Science(), vol 8739. Springer, Cham. https://doi.org/10.1007/978-3-319-10181-1_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10181-1_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10180-4

  • Online ISBN: 978-3-319-10181-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation