Proceedings Article, DOI: 10.1109/CSF.2007.24
LTL Model Checking for Security Protocols
Alessandro Armando,Roberto Carbone,Luca Compagna +2 more
- 06 Jul 2007
- pp 385-396
TL;DR: This paper proposes a general model for security protocols based on the set-rewriting formalism that allows for the specification of assumptions on principals and communication channels as well as complex security properties that are normally not handled by state-of-the-art protocol analysers.
Abstract: Most model checking techniques for security protocols make a number of simplifying assumptions on the protocol and/or on its execution environment that prevent their applicability in some important cases. For instance, most techniques assume that communication between honest principals is controlled by a Dolev-Yao intruder, i.e. a malicious agent capable of overhearing, diverting, and faking messages. Yet we might be interested in establishing the security of a protocol that relies on a less unsecure channel (e.g. a confidential channel provided by some other protocol sitting lower in the protocol stack). In this paper we propose a general model for security protocols based on the set-rewriting formalism that, coupled with the use of LTL, allows for the specification of assumptions on principals and communication channels as well as complex security properties that are normally not handled by state-of-the-art protocol analysers. By using our approach we have been able to formalise all the assumptions required by the ASW protocol for optimistic fair exchange as well as some of its security properties. Besides the previously reported attacks on the protocol, we report a new attack on a patched version of the protocol.
Citations
Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps
Alessandro Armando,Roberto Carbone,Luca Compagna,Jorge Cuellar,Llanos Tobarra +4 more
- 27 Oct 2008
TL;DR: This paper provides formal models of the protocol corresponding to one of the most applied use case scenarios (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications), and mechanically analyses these formal models with SATMC, a state-of-the-art model checker for security protocols.
Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties
Benedikt Schmidt,Simon Meier,Cas Cremers,David Basin +3 more
- 25 Jun 2012
TL;DR: A general approach for the symbolic analysis of security protocols that use Diffie-Hellman exponentiation to achieve advanced security properties using a novel constraint-solving algorithm that supports both falsification and verification, even in the presence of an unbounded number of protocol sessions.
An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations
Alessandro Armando,Roberto Carbone,Luca Compagna,Jorge Cuellar,Giancarlo Pellegrino,Alessandro Sorniotti +5 more
TL;DR: It is shown that the main emerging SSO protocols, namely SAML SSO and OpenID, suffer from an authentication flaw that allows a malicious service provider to hijack a client authentication attempt or force the latter to access a resource without its consent or intention.
Secure pseudonymous channels
Sebastian Mödersheim,Luca Viganò +1 more
- 21 Sep 2009
TL;DR: The meaning of channels is defined, three basic kinds of channels are considered--authentic, confidential, and secure--where agents may be identified by pseudonyms rather than by their real names, and the answer is negative.
Toward black-box detection of logic flaws in web applications
Giancarlo Pellegrino,Davide Balzarotti +1 more
- 01 Jan 2014
TL;DR: This paper proposes a novel black-box technique to detect logic vulnerabilities in web applications based on the automatic identification of a number of behavioral patterns starting from few network traces in which users interact with a certain application.
References
On the security of public key protocols
Danny Dolev,Andrew Chi-Chih Yao +1 more
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Using encryption for authentication in large networks of computers
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Symbolic Model Checking without BDDs
Armin Biere,Alessandro Cimatti,Edmund M. Clarke,Yunshan Zhu +3 more
- 22 Mar 1999
TL;DR: This paper shows how boolean decision procedures, like Stalmarck's Method or the Davis & Putnam Procedure, can replace BDDs, and introduces a bounded model checking procedure for LTL which reduces model checking to propositional satisfiability.
The AVISPA tool for the automated validation of internet security protocols and applications
Alessandro Armando,David Basin,Yohan Boichut,Yannick Chevalier,Luca Compagna,Jorge Cuellar,P. Hankes Drielsma,Pierre-Cyrille Héam,Olga Kouchnarenko,Jacopo Mantovani,Sebastian Mödersheim,D. von Oheimb,Michaël Rusinowitch,J. Santiago,Mathieu Turuani,Luca Viganò,Laurent Vigneron +16 more
- 06 Jul 2005
TL;DR: AVISPA is a push-button tool for the automated validation of Internet security-sensitive protocols and applications that provides a modular and expressive formal language for specifying protocols and their security properties.
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
Gavin Lowe
- 01 Jan 1996
TL;DR: This paper uses FDR, a refinement checker for CSP, to discover an attack upon the Needham-Schroeder Public-Key Protocol, which allows an intruder to impersonate another agent, adapts the protocol, and uses FDR to show that the new protocol is secure, at least for a small system.