A formal specification and verification framework for timed security protocols

Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification technique...

Full description

Saved in:
Bibliographic Details
Main Authors: Li, Li, Sun, Jun, Liu, Yang, Sun, Meng, Dong, Jin-Song
Other Authors: School of Computer Science and Engineering
Format: Article
Language:English
Published: 2020
Subjects:
Online Access:https://hdl.handle.net/10356/141485
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-141485
record_format dspace
spelling sg-ntu-dr.10356-1414852020-06-08T17:09:01Z A formal specification and verification framework for timed security protocols Li, Li Sun, Jun Liu, Yang Sun, Meng Dong, Jin-Song School of Computer Science and Engineering Engineering::Computer science and engineering Timed Security Protocol Timed Applied $\pi$ -Calculus Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification techniques. Thus, we propose a comprehensive analysis framework to formally specify as well as automatically verify timed security protocols. A parameterized method is introduced in our framework to handle timing parameters whose values cannot be decided in the protocol design stage. In this work, we first propose timed applied π-calculus as a formal language for specifying timed security protocols. It supports modeling of continuous time as well as application of cryptographic functions. Then, we define its formal semantics based on timed logic rules, which facilitates efficient verification against various authentication and secrecy properties. Given a parameterized security protocol, our method either produces a constraint on the timing parameters which guarantees the security property satisfied by the protocol, or reports an attack that works for any parameter value. The correctness of our verification algorithm has been formally proved. We evaluate our framework with multiple timed and untimed security protocols and successfully find a previously unknown timing attack in Kerberos V. 2020-06-08T17:09:01Z 2020-06-08T17:09:01Z 2018 Journal Article Li, L., Sun, J., Liu, Y., Sun, M., & Dong, J.-S. (2018). A formal specification and verification framework for timed security protocols. IEEE Transactions on Software Engineering, 44(8), 725 - 746. doi:10.1109/TSE.2017.2712621 0098-5589 https://hdl.handle.net/10356/141485 10.1109/TSE.2017.2712621 2-s2.0-85051654899 8 44 725 746 en IEEE Transactions on Software Engineering © 2018 IEEE. All rights reserved.
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic Engineering::Computer science and engineering
Timed Security Protocol
Timed Applied $\pi$ -Calculus
spellingShingle Engineering::Computer science and engineering
Timed Security Protocol
Timed Applied $\pi$ -Calculus
Li, Li
Sun, Jun
Liu, Yang
Sun, Meng
Dong, Jin-Song
A formal specification and verification framework for timed security protocols
description Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification techniques. Thus, we propose a comprehensive analysis framework to formally specify as well as automatically verify timed security protocols. A parameterized method is introduced in our framework to handle timing parameters whose values cannot be decided in the protocol design stage. In this work, we first propose timed applied π-calculus as a formal language for specifying timed security protocols. It supports modeling of continuous time as well as application of cryptographic functions. Then, we define its formal semantics based on timed logic rules, which facilitates efficient verification against various authentication and secrecy properties. Given a parameterized security protocol, our method either produces a constraint on the timing parameters which guarantees the security property satisfied by the protocol, or reports an attack that works for any parameter value. The correctness of our verification algorithm has been formally proved. We evaluate our framework with multiple timed and untimed security protocols and successfully find a previously unknown timing attack in Kerberos V.
author2 School of Computer Science and Engineering
author_facet School of Computer Science and Engineering
Li, Li
Sun, Jun
Liu, Yang
Sun, Meng
Dong, Jin-Song
format Article
author Li, Li
Sun, Jun
Liu, Yang
Sun, Meng
Dong, Jin-Song
author_sort Li, Li
title A formal specification and verification framework for timed security protocols
title_short A formal specification and verification framework for timed security protocols
title_full A formal specification and verification framework for timed security protocols
title_fullStr A formal specification and verification framework for timed security protocols
title_full_unstemmed A formal specification and verification framework for timed security protocols
title_sort formal specification and verification framework for timed security protocols
publishDate 2020
url https://hdl.handle.net/10356/141485
_version_ 1681058173733044224