SeVe: automatic tool for verification of security protocols

Security protocols play more and more important roles with wide use in many applications nowadays. Cur- rently, there are many tools for specifying and verifying secu- rity protocols such as Casper/FDR, ProVerif, or AVISPA. In these tools, the intruder's ability, which either needs to be specified e...

Full description

Saved in:
Bibliographic Details
Published inFrontiers of Computer Science Vol. 6; no. 1; pp. 57 - 75
Main Authors LUU, Anh Tuan, SUN, Jun, LIU, Yang, DONG, Jin Song, LI, Xiaohong, QUAN, Thanh Tho
Format Journal Article
LanguageEnglish
Published Heidelberg Higher Education Press 01.02.2012
SP Higher Education Press
Springer Nature B.V
Subjects
Algorithms
Authentication
AVISPA
Computer Science
Electronic voting systems
model checking
Modules
Privacy
process analysis toolkit (PAT)
Research Article
secrecy
Secrecy aspects
Security
security protocols
Semantics
Toolkits
Verification
安全协议
攻击能力
电子投票系统
知识推理
语义模型
验证工具
默认设置
security protocols
privacy
model checking
process analysis toolkit (PAT)
secrecy
authentication
Online AccessGet full text

Cover

More Information
Summary:Security protocols play more and more important roles with wide use in many applications nowadays. Cur- rently, there are many tools for specifying and verifying secu- rity protocols such as Casper/FDR, ProVerif, or AVISPA. In these tools, the intruder's ability, which either needs to be specified explicitly or set by default, is not flexible in some circumstances. Moreover, whereas most of the existing tools focus on secrecy and authentication properties, few supports privacy properties like anonymity, receipt freeness, and coer- cion resistance, which are crucial in many applications such as in electronic voting systems or anonymous online transac- tions. In this paper, we introduce a framework for specifying security protocols in the labeled transition system (LTS) se- mantics model, which embeds the knowledge of the par- ticipants and parameterizes the ability of an attacker. Us- ing this model, we give the formal definitions for three types of privacy properties based on trace equivalence and knowledge reasoning. The formal definitions for some other security properties, such as secrecy and authentica- tion, are introduced under this framework, and the veri- fication algorithms are also given. The results of this pa- per are embodied in the implementation of a SeVe mod- ule in a process analysis toolkit (PAT) model checker, which supports specifying, simulating, and verifying se- curity protocols. The experimental results show that a SeVe module is capable of verifying many types of secu- rity protocols and complements the state-of-the-art securityverifiers in several aspects. Moreover, it also proves the abil- ity in building an automatic verifier for security protocols re- lated to privacy type, which are mostly verified by hand now.
Bibliography:security protocols, model checking, processanalysis toolkit (PAT), authentication, secrecy, privacy
11-5731/TP
Security protocols play more and more important roles with wide use in many applications nowadays. Cur- rently, there are many tools for specifying and verifying secu- rity protocols such as Casper/FDR, ProVerif, or AVISPA. In these tools, the intruder's ability, which either needs to be specified explicitly or set by default, is not flexible in some circumstances. Moreover, whereas most of the existing tools focus on secrecy and authentication properties, few supports privacy properties like anonymity, receipt freeness, and coer- cion resistance, which are crucial in many applications such as in electronic voting systems or anonymous online transac- tions. In this paper, we introduce a framework for specifying security protocols in the labeled transition system (LTS) se- mantics model, which embeds the knowledge of the par- ticipants and parameterizes the ability of an attacker. Us- ing this model, we give the formal definitions for three types of privacy properties based on trace equivalence and knowledge reasoning. The formal definitions for some other security properties, such as secrecy and authentica- tion, are introduced under this framework, and the veri- fication algorithms are also given. The results of this pa- per are embodied in the implementation of a SeVe mod- ule in a process analysis toolkit (PAT) model checker, which supports specifying, simulating, and verifying se- curity protocols. The experimental results show that a SeVe module is capable of verifying many types of secu- rity protocols and complements the state-of-the-art securityverifiers in several aspects. Moreover, it also proves the abil- ity in building an automatic verifier for security protocols re- lated to privacy type, which are mostly verified by hand now.
security protocols
Document accepted on :2011-09-30
model checking
secrecy
Document received on :2011-07-20
privacy
process analysis toolkit (PAT)
authentication
ISSN:1673-7350
2095-2228
1673-7466
2095-2236
DOI:10.1007/s11704-012-2903-3