Operational Semantics and Verification of Security Protocols


Book Description

Security protocols are widely used to ensure secure communications over insecure networks, such as the internet or airwaves. These protocols use strong cryptography to prevent intruders from reading or modifying the messages. However, using cryptography is not enough to ensure their correctness. Combined with their typically small size, which suggests that one could easily assess their correctness, this often results in incorrectly designed protocols. The authors present a methodology for formally describing security protocols and their environment. This methodology includes a model for describing protocols, their execution model, and the intruder model. The models are extended with a number of well-defined security properties, which capture the notions of correct protocols and secrecy of data. The methodology can be used to prove that protocols satisfy these properties. Based on the model, they have developed a tool set called Scyther that can automatically find attacks on security protocols or prove their correctness. In case studies they show the application of the methodology as well as the effectiveness of the analysis tool. The methodology's strong mathematical basis, the strong separation of concerns in the model, and the accompanying tool set make it ideally suited both for researchers and graduate students of information security or formal methods and for advanced professionals designing critical security protocols.




The Modelling and Analysis of Security Protocols


Book Description

An introduction to CSP - Modelling security protocols in CSP - Expressing protocol goals - Overview of FDR - Casper - Encoding protocols and intruders for FDR - Theorem proving - Simplifying transformations - Other approaches - Prospects and wider issues.







Foundations of Security Analysis and Design


Book Description

Security is a rapidly growing area of computer science, with direct and increasing relevance to real-life applications such as Internet transactions, electronic commerce, information protection, network and systems integrity, etc. This volume presents thoroughly revised versions of lectures given by leading security researchers during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design, FOSAD 2000, held in Bertinoro, Italy, in September. Mathematical Models of Computer Security (Peter Y.A. Ryan); The Logic of Authentication Protocols (Paul Syverson and Iliano Cervesato); Access Control: Policies, Models, and Mechanisms (Pierangela Samarati and Sabrina de Capitani di Vimercati); Security Goals: Packet Trajectories and Strand Spaces (Joshua D. Guttman); Notes on Nominal Calculi for Security and Mobility (Andrew D. Gordon); Classification of Security Properties (Riccardo Focardi and Roberto Gorrieri).




Logics and Languages for Reliability and Security


Book Description

Software-intensive systems are today an integral part of many everyday products. Whilst they provide great benefits regarding ease of use and allow for new applications, they also impose enormous responsibilities. It is vital to ensure that such applicati




Game Semantics for the Specification and Analysis of Security Protocols


Book Description

Security protocols are communication protocols that are used when agents communicate sensitive information in hostile environments. They are meant to achieve security goals such as the secrecy of a piece of communicated information or the authenticity of an agent's identity. Their two main characteristics are the use of cryptographic operations such as encryption or digital signatures and the assumption that communication takes place in the presence of a malicious intruder. It is therefore necessary to make sure that the protocol design is correct and will thus achieve its security goals even when under attack by the intruder. Design verification for security protocols is no easy task; a successful attack on the Needham-Schroeder authentication protocol was discovered 17 years after the protocol had been published. We present a framework for the specification and analysis of security protocols. The specification language is close to the standard "arrow" notation used by protocol designers and practitioners; however, we add some constructs to declare persistent and fresh knowledge for agents. The analysis that we conduct consists of two stages: modeling and verification. The model we use for protocols is based on game semantics, in which the emphasis is put on interaction. The protocol is modeled as a game between the intruder and agents. Verification amounts to finding successful strategies for either the agent or the intruder. For instance, if the protocol goal is to achieve fairness in exchanges between possibly cheating agents, then the verification algorithm searches the game tree to ensure that each non-cheating agent is not put at a disadvantage with respect to other agents. In order to be able to specify a wide range of security properties of strategies, we propose a logic having modal, temporal and linear characteristics. The logic is also equipped with a tableau-based proof system that serves as a basis for a model checking algorithm.
To validate our approach, we designed and implemented a software environment that verifies protocol specifications against required properties. We use this environment to conduct case studies.







Formal Verification of Advanced Families of Security Protocols


Book Description

Formal methods have been used to analyze security protocols, and several tools have even been developed to automatically tackle different proof techniques and ease the verification of such protocols. However, for electronic voting and APIs, current tools tend to reach their limits because they can't handle some of the cryptographic primitives, or the security properties, involved in those protocols. We work on two case studies of existing and deployed systems: a Norwegian e-voting protocol and a CNRS boardroom voting protocol. We analyze them using the applied pi-calculus model and discuss their security properties in detail, under different corruption scenarios. Even including several reusable results, these proofs are complex and therefore expose a real need for automation. Thus, we focus on a possible lead in the direction of this needed automation: type systems. We build upon recent work describing a new type system designed to deal with equivalence properties, in order to apply it to the verification of equivalence-based properties in electronic voting such as ballot secrecy. We present an application of this method through Helios, a well-known e-voting system. Another family of advanced security protocols are APIs: secure interfaces designed to allow access to some information stored in secure trusted hardware without leaking it outside. Recent work seems to show that these interfaces are also vulnerable. In this thesis, we provide a new design for APIs, including revocation. In addition, we include a formal analysis of this API showing that a malicious combination of API commands does not leak any key, even when the adversary may brute-force some of them.







Formal Aspects in Security and Trust


Book Description

This book constitutes the thoroughly refereed post-workshop proceedings of the 5th International Workshop on Formal Aspects in Security and Trust, FAST 2008, held under the auspices of IFIP WG 1.7 in Malaga, Spain, in October 2008 as a satellite event of the 13th European Symposium on Research in Computer Security. The 20 revised papers presented were carefully reviewed and selected from 59 submissions. The papers focus on formal aspects in security, trust and reputation, security protocol design and analysis, logics for security and trust, trust-based reasoning, distributed trust management systems, digital asset protection, data protection, privacy and identity management issues, information flow analysis, language-based security, security and trust aspects in ubiquitous computing, validation/analysis tools, Web/grid services security/trust/privacy, security and risk assessment, resource and access control, as well as case studies.