The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols

  • Chapter
Foundations of Security Analysis and Design V (FOSAD 2007/2008/2009)

Abstract

We introduce the Open-source Fixed-point Model Checker OFMC for symbolic security protocol analysis, which extends the On-the-fly Model Checker (the previous OFMC). The native input language of OFMC is the AVISPA Intermediate Format IF. OFMC also supports AnB, a new Alice-and-Bob-style language that extends previous similar languages with support for algebraic properties of cryptographic operators and with a simple notation for different kinds of channels that can be used both as assumptions and as protocol goals. AnB specifications are automatically translated to IF.

OFMC performs both protocol falsification and bounded session verification by exploring, in a demand-driven way, the transition system resulting from an IF specification. OFMC’s effectiveness is due to the integration of a number of symbolic, constraint-based techniques, which are correct and terminating. The two major techniques are the lazy intruder, which is a symbolic representation of the intruder, and constraint differentiation, which is a general search-reduction technique that integrates the lazy intruder with ideas from partial-order reduction. Moreover, OFMC allows one to analyze security protocols with respect to an algebraic theory of the employed cryptographic operators, which can be specified as part of the input. We also sketch the ongoing integration of fixed-point-based techniques for protocol verification for an unbounded number of sessions.
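The lazy-intruder idea sketched above (a symbolic intruder whose messages are left as variables and instantiated only when the protocol forces it) can be made concrete with a small constraint solver. The Python below is an added example written for this page; it is not OFMC's code, and it implements neither constraint differentiation nor algebraic theories. It assumes a free Dolev-Yao term algebra with pairing, public-key encryption and the key functions pk/inv, and a constructed interleaving of two Needham-Schroeder public-key sessions in which the intruder i relays between honest a and b (the agent and nonce names, the variables ?A, ?NA, ?NB, and the function names are the example's own).

```python
# Toy lazy-intruder constraint solver over a free Dolev-Yao term algebra (an added
# example, not OFMC's code).  Terms: atoms are str, variables are str starting
# with '?', composed terms are tuples ('f', arg1, ..., argn).
PUBLIC = {'pair', 'crypt', 'pk'}   # symbols the intruder may apply himself; 'inv' is not

def pk(a): return ('pk', a)               # public key of agent a
def inv(k): return ('inv', k)             # private key belonging to public key k
def crypt(k, m): return ('crypt', k, m)   # asymmetric encryption of m under k
def pair(x, y): return ('pair', x, y)     # concatenation
def is_var(t): return isinstance(t, str) and t.startswith('?')

def subst(t, sigma):
    """Apply substitution sigma (dict var -> term) to t, following binding chains."""
    if is_var(t):
        return subst(sigma[t], sigma) if t in sigma else t
    if isinstance(t, tuple):
        return (t[0],) + tuple(subst(a, sigma) for a in t[1:])
    return t

def occurs(v, t):
    return t == v or (isinstance(t, tuple) and any(occurs(v, a) for a in t[1:]))

def unify(s, t, sigma):
    """Most general unifier of s and t extending sigma, or None if none exists."""
    s, t = subst(s, sigma), subst(t, sigma)
    if s == t:
        return sigma
    if is_var(s):
        return None if occurs(s, t) else {**sigma, s: t}
    if is_var(t):
        return unify(t, s, sigma)
    if isinstance(s, tuple) and isinstance(t, tuple) and s[0] == t[0] and len(s) == len(t):
        for a, b in zip(s[1:], t[1:]):
            sigma = unify(a, b, sigma)
            if sigma is None:
                return None
        return sigma
    return None

def analyze(K):
    """Close K under decomposition: project pairs, decrypt crypt(k, m) when inv(k)
    is literally in K.  (OFMC's lazy intruder also case-splits on variable keys.)"""
    K = set(K)
    while True:
        new = set()
        for t in K:
            if isinstance(t, tuple) and t[0] == 'pair':
                new |= {t[1], t[2]}
            elif isinstance(t, tuple) and t[0] == 'crypt' and ('inv', t[1]) in K:
                new.add(t[2])
        if new <= K:
            return K
        K |= new

def solve(constraints, sigma=None):
    """Yield (sigma, simple) for every way to satisfy [(K, t), ...], each read as
    "t is derivable from intruder knowledge K".  A constraint whose right-hand
    side is a variable is never instantiated eagerly: it stays in `simple`
    (the intruder may send any term it knows there) and is re-examined only
    when a later unification binds the variable.  That deferral is the lazy intruder."""
    sigma = sigma or {}
    cs = [(frozenset(subst(k, sigma) for k in K), subst(t, sigma)) for K, t in constraints]
    for i, (K, t) in enumerate(cs):
        if is_var(t):
            continue
        rest = cs[:i] + cs[i + 1:]
        # Rule 1: t unifies with a term the intruder can analyse out of K.
        for s in sorted(analyze(K), key=repr):
            sigma2 = unify(s, t, sigma)
            if sigma2 is not None:
                yield from solve(rest, sigma2)
        # Rule 2: t = f(t1, ..., tn) with public f, so deriving every ti suffices.
        if isinstance(t, tuple) and t[0] in PUBLIC:
            yield from solve(rest + [(K, a) for a in t[1:]], sigma)
        return
    yield sigma, cs   # only simple constraints remain: one symbolic solution

def nspk_constraints(fixed=False):
    """Constructed interleaving of two Needham-Schroeder public-key sessions: honest a
    starts a run with the intruder i, who relays into a run where b believes its
    peer is ?A.  fixed=True adds the responder's name to message 2 (Lowe's NSL repair)."""
    K0 = {'a', 'b', 'i', pk('a'), pk('b'), pk('i'), inv(pk('i'))}
    K1 = K0 | {crypt(pk('i'), pair('a', 'na'))}                  # a -> i : {a,na}pk(i)
    m2 = pair('?NA', 'nb') if not fixed else pair('?NA', pair('nb', 'b'))
    K2 = K1 | {crypt(pk('?A'), m2)}                              # b -> ?A : {?NA,nb[,b]}pk(?A)
    K3 = K2 | {crypt(pk('i'), '?NB')}                            # a -> i : {?NB}pk(i)
    reply = pair('na', '?NB') if not fixed else pair('na', pair('?NB', 'i'))
    return [(K1, crypt(pk('b'), pair('?A', '?NA'))),   # i must deliver message 1 to b
            (K2, crypt(pk('a'), reply)),               # i must deliver message 2 to a
            (K3, crypt(pk('b'), 'nb')),                # i must deliver message 3 to b
            (K3, 'nb')]                                # goal violation: i derives b's nonce

def find_attack(fixed=False):
    """Substitution of the first attack on the interleaving, or None."""
    for sigma, _ in solve(nspk_constraints(fixed)):
        if sigma.get('?A') != 'i':   # ?A = i would be a legitimate run with the intruder
            return sigma
    return None

def message1_solutions():
    """All symbolic ways to build b's first message from K1, as (bindings, open vars)."""
    K1, t = nspk_constraints()[0]
    return {(tuple(sorted(s.items())), tuple(r for _, r in simple)) for s, simple in solve([(K1, t)])}
```

Each constraint K ⊢ t pairs the intruder's knowledge at one point of the trace with a message an honest agent is waiting for; the knowledge sets grow monotonically along the trace, so a term learned late cannot be used early. `message1_solutions()` shows the laziness directly: besides the eager solution ?A = a, ?NA = na (replaying a's own nonce), the solver returns a solution with ?A and ?NA still open, standing for every term the intruder could put there. `find_attack()` then returns ?A = a, ?NA = na, ?NB = nb, which is Lowe's man-in-the-middle on NSPK; with the responder's name in message 2 (`fixed=True`) the same interleaving has no solution. Because `analyze` only decrypts under private keys it already holds, this toy does not perform the case split on keys that are still variables that the full lazy intruder does.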

References

  1. Abadi, M., Cortier, V.: Deciding knowledge in security protocols under (many more) equational theories. In: Proceedings of CSFW 2005, pp. 62–76. IEEE Computer Society Press, Los Alamitos (2005)

  2. Amadio, R.M., Lugiez, D.: On the reachability problem in cryptographic protocols. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 380–394. Springer, Heidelberg (2000)

  3. Andova, S., Cremers, C., Gjøsteen, K., Mauw, S., Mjølsnes, S., Radomirović, S.: A framework for compositional verification of security protocols. Information and Computation 206, 425–459 (2008)

  4. Arapinis, M., Delaune, S., Kremer, S.: From one session to many: Dynamic tags for security protocols. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS, vol. 5330, pp. 128–142. Springer, Heidelberg (2008)

  5. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Héam, P.-C., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)

  6. Armando, A., Carbone, R., Compagna, L.: LTL model checking for security protocols. In: Proceedings of CSF 2007, pp. 385–396. IEEE Computer Society Press, Los Alamitos (2007)

  7. AVISPA: Deliverable 2.3: The Intermediate Format (2003), http://www.avispa-project.org

  8. AVISPA: Deliverable 7.4: Assessment of the AVISPA Tool v. 3 (2005), http://www.avispa-project.org

  9. The AVISPA Library of Protocols, http://www.avispa-project.org/library

  10. Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge University Press, Cambridge (1998)

  11. Basin, D., Mödersheim, S., Viganò, L.: Algebraic intruder deductions. In: Sutcliffe, G., Voronkov, A. (eds.) LPAR 2005. LNCS (LNAI), vol. 3835, pp. 549–564. Springer, Heidelberg (2005)

  12. Basin, D., Mödersheim, S., Viganò, L.: OFMC: A symbolic model checker for security protocols. International Journal of Information Security 4(3), 181–208 (2005)

  13. Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proceedings of CSFW 2001, pp. 82–96. IEEE Computer Society Press, Los Alamitos (2001)

  14. Blum, A.L., Furst, M.L.: Fast planning through planning graph analysis. Artificial Intelligence 90, 281–300 (1997)

  15. Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Riis Nielson, H.: Automatic validation of protocol narration. In: Proceedings of CSFW 2003, pp. 126–140. IEEE Computer Society Press, Los Alamitos (2003)

  16. Boichut, Y., Héam, P.-C., Kouchnarenko, O.: Tree automata for detecting attacks on protocols with algebraic cryptographic primitives. In: Proceedings of the INFINITY 2007 Workshop (2007), to appear in ENTCS

  17. Boreale, M.: Symbolic trace analysis of cryptographic protocols. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 667–681. Springer, Heidelberg (2001)

  18. Boreale, M., Buscemi, M.G.: A framework for the analysis of security protocols. In: Brim, L., Jančar, P., Křetínský, M., Kucera, A. (eds.) CONCUR 2002. LNCS, vol. 2421, pp. 483–498. Springer, Heidelberg (2002)

  19. Bradner, S., Mankin, A., Schiller, J.: A framework for purpose built keys (PBK). Internet Draft draft-bradner-pbk-frame-06.txt, work in progress (June 2003)

  20. Butler, F., Cervesato, I., Jaggard, A., Scedrov, A.: A formal analysis of some properties of Kerberos 5 using MSR. In: Proceedings of CSFW 2002, pp. 175–190. IEEE Computer Society Press, Los Alamitos (2002)

  21. Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: Relating strands and multiset rewriting for security protocol analysis. In: Proceedings of CSFW 2000, pp. 35–51. IEEE Computer Society Press, Los Alamitos (2000)

  22. Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: Deciding the security of protocols with Diffie-Hellman exponentiation and products in exponents. In: Pandya, P.K., Radhakrishnan, J. (eds.) FSTTCS 2003. LNCS, vol. 2914, pp. 124–135. Springer, Heidelberg (2003)

  23. Chevalier, Y., Vigneron, L.: A tool for lazy verification of security protocols. In: Proceedings of ASE 2001, pp. 373–376. IEEE Computer Society Press, Los Alamitos (2001)

  24. Chevalier, Y., Vigneron, L.: Automated unbounded verification of security protocols. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 324–337. Springer, Heidelberg (2002)

  25. Corin, R., Etalle, S.: An improved constraint-based system for the verification of security protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 326–341. Springer, Heidelberg (2002)

  26. Cortier, V., Delaune, S.: Safely composing security protocols. Formal Methods in System Design 34(1), 1–36 (2009)

  27. Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. Journal of Computer Security 14(1), 1–43 (2006)

  28. Cousot, P.: Abstract interpretation. Symposium on Models of Programming Languages and Computation. ACM Computing Surveys 28(2), 324–328 (1996)

  29. Cremers, C.J.F.: The Scyther tool: Verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008)

  30. Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: Secure protocol composition. In: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering, pp. 11–23. ACM Press, New York (2003)

  31. Delaune, S., Kremer, S., Ryan, M.D.: Composition of password-based protocols. In: Proceedings of CSF 2008, pp. 239–251. IEEE Computer Society Press, Los Alamitos (2008)

  32. Denker, G., Millen, J.K., Rueß, H.: The CAPSL Integrated Protocol Environment. Technical Report SRI-CSL-2000-02, SRI International, Menlo Park, CA (2000)

  33. Dierks, T., Allen, C.: RFC 2246 – The TLS Protocol Version 1.0 (January 1999)

  34. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

  35. Durgin, N., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: Undecidability of bounded security protocols. In: Proceedings of the FLOC 1999 Workshop on Formal Methods and Security Protocols, FMSP 1999 (1999)

  36. Even, S., Goldreich, O.: On the security of multi-party ping-pong protocols. In: Proceedings of FOCS 1983, pp. 34–39. IEEE Computer Society Press, Los Alamitos (1983)

  37. Fiore, M., Abadi, M.: Computing symbolic models for verifying cryptographic protocols. In: Proceedings of CSFW 2001, pp. 160–173. IEEE Computer Society Press, Los Alamitos (2001)

  38. Genet, T., Klay, F.: Rewriting for cryptographic protocol verification. In: McAllester, D. (ed.) CADE 2000. LNCS, vol. 1831, pp. 271–290. Springer, Heidelberg (2000)

  39. Goubault-Larrecq, J.: A method for automatic cryptographic protocol verification. In: Rolim, J.D.P. (ed.) IPDPS-WS 2000. LNCS, vol. 1800, pp. 977–984. Springer, Heidelberg (2000)

  40. Guttman, J.D.: Authentication tests and disjoint encryption: a design method for security protocols. Journal of Computer Security 12(3–4), 409–433 (2004)

  41. Guttman, J.D.: Cryptographic protocol composition via the authentication tests. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 303–317. Springer, Heidelberg (2009)

  42. Hankes Drielsma, P., Mödersheim, S., Viganò, L., Basin, D.: Formalizing and analyzing sender invariance. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 80–95. Springer, Heidelberg (2007)

  43. Huima, A.: Efficient infinite-state analysis of security protocols. In: Proceedings of the FLOC 1999 Workshop on Formal Methods and Security Protocols, FMSP 1999 (1999)

  44. ITU-T Recommendation H.530: Symmetric Security Procedures for H.510 (Mobility for H.323 Multimedia Systems and Services) (2002)

  45. ITU-T Recommendation H.530, Corrigendum 1 (2003); corrected version of [44]

  46. Jacquemard, F., Rusinowitch, M., Vigneron, L.: Compiling and verifying security protocols. In: Parigot, M., Voronkov, A. (eds.) LPAR 2000. LNCS, vol. 1955, pp. 131–160. Springer, Heidelberg (2000)

  47. Johnson, D., Perkins, C., Arkko, J.: RFC 3775 – Mobility Support in IPv6 (June 2004)

  48. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of CSFW 1997, pp. 31–43. IEEE Computer Society Press, Los Alamitos (1997)

  49. Lowe, G.: Casper: A compiler for the analysis of security protocols. Journal of Computer Security 6(1), 53–84 (1998)

  50. Maurer, U.M., Schmid, P.E.: A calculus for security bootstrapping in distributed systems. Journal of Computer Security 4(1), 55–80 (1996)

  51. Meadows, C.: The NRL Protocol Analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)

  52. Millen, J.K., Muller, F.: Cryptographic protocol generation from CAPSL. Technical Report SRI-CSL-01-07, SRI International (2001)

  53. Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proceedings of CCS 2001, pp. 166–175. ACM Press, New York (2001)

  54. Mödersheim, S.: Models and Methods for the Automated Analysis of Security Protocols. PhD thesis, ETH Zurich (2007)

  55. Mödersheim, S.: On the relationships between models in protocol verification. Information and Computation 206(2–4), 291–311 (2008)

  56. Mödersheim, S.: Algebraic properties in Alice and Bob notation. In: Proceedings of ARES 2009, pp. 433–440. IEEE (2009); extended version: Technical Report RZ3709, IBM Zurich Research Lab (2008), domino.research.ibm.com/library/cyberdig.nsf

  57. Mödersheim, S., Viganò, L.: Secure pseudonymous channels. In: Proceedings of ESORICS 2009 (to appear, 2009); extended version: Technical Report RZ3724, IBM Zurich Research Lab (2009), domino.research.ibm.com/library/cyberdig.nsf

  58. Mödersheim, S., Viganò, L., Basin, D.: Constraint differentiation: Search-space reduction for the constraint-based analysis of security protocols. Journal of Computer Security (to appear)

  59. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1), 85–128 (1998)

  60. Peled, D.: Ten years of partial order reduction. In: Vardi, M.Y. (ed.) CAV 1998. LNCS, vol. 1427, pp. 17–28. Springer, Heidelberg (1998)

  61. Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison-Wesley, Reading (2000)

  62. The Strand Space Method, http://www.mitre.org/tech/strands/

  63. Turuani, M.: The CL-Atse protocol analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Mödersheim, S., Viganò, L. (2009). The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols. In: Aldini, A., Barthe, G., Gorrieri, R. (eds) Foundations of Security Analysis and Design V. FOSAD 2007/2008/2009. Lecture Notes in Computer Science, vol 5705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03829-7_6

  • DOI: https://doi.org/10.1007/978-3-642-03829-7_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03828-0

  • Online ISBN: 978-3-642-03829-7

  • eBook Packages: Computer Science (R0)
