Abstract
We introduce the Open-source Fixed-point Model Checker OFMC for symbolic security protocol analysis, which extends the On-the-fly Model Checker (the previous OFMC). The native input language of OFMC is the AVISPA Intermediate Format IF. OFMC also supports AnB, a new Alice-and-Bob-style language that extends previous similar languages with support for algebraic properties of cryptographic operators and with a simple notation for different kinds of channels that can be used both as assumptions and as protocol goals. AnB specifications are automatically translated to IF.
OFMC performs both protocol falsification and bounded session verification by exploring, in a demand-driven way, the transition system resulting from an IF specification. OFMC’s effectiveness is due to the integration of a number of symbolic, constraint-based techniques, which are correct and terminating. The two major techniques are the lazy intruder, which is a symbolic representation of the intruder, and constraint differentiation, which is a general search-reduction technique that integrates the lazy intruder with ideas from partial-order reduction. Moreover, OFMC allows one to analyze security protocols with respect to an algebraic theory of the employed cryptographic operators, which can be specified as part of the input. We also sketch the ongoing integration of fixed-point-based techniques for protocol verification for an unbounded number of sessions.
© 2009 Springer-Verlag Berlin Heidelberg
Mödersheim, S., Viganò, L. (2009). The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols. In: Aldini, A., Barthe, G., Gorrieri, R. (eds) Foundations of Security Analysis and Design V. FOSAD 2007/2008/2009. Lecture Notes in Computer Science, vol 5705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03829-7_6
DOI: https://doi.org/10.1007/978-3-642-03829-7_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03828-0
Online ISBN: 978-3-642-03829-7