Pitfalls in Formal Reasoning about Security Protocols

被引：2

作者：

Moebius, Nina ^{[1
]}

Stenzel, Kurt ^{[1
]}

Reif, Wolfgang ^{[1
]}

机构：

[1] Univ Augsburg, Inst Software & Syst Engn, D-8900 Augsburg, Germany

来源：

FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS | 2010年

关键词：

formal verification; security protocols;

D O I：

10.1109/ARES.2010.36

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Formal verification can give more confidence in the security of cryptographic protocols. Application specific security properties like "The service provider does not loose money" can give even more confidence than standard properties like secrecy or authentication. However, it is surprisingly easy to get a meaningful property slightly wrong. The result is that an insecure protocol can be 'proven' secure. We illustrate the problem with a very small application, a copy card, that has only five different messages. The example is taken from a paper where the protocol is secure, but the proved property slightly wrong. We propose to solve the problem by incorporating more of the real-world application into the formal model.

引用

页码：248 / 253

页数：6

共 50 条

[21] Equational Reasoning About Quantum Protocols
Gay, Simon J.
Puthoor, Ittoop V.
REVERSIBLE COMPUTATION, RC 2015, 2015, 9138 : 155 - 170
[22] Reasoning about active network protocols
Bhattacharjee, S
Calvert, KL
Zegura, EW
SIXTH INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS, PROCEEDINGS, 1998, : 31 - 40
[23] Formal reasoning about causality analysis
Brandt, Jens
Schneider, Klaus
THEOREM PROVING IN HIGHER ORDER LOGICS, PROCEEDINGS, 2008, 5170 : 118 - 133
[24] A LOGIC FOR REASONING ABOUT SECURITY
GLASGOW, J
MACEWEN, G
PANANGADEN, P
ACM TRANSACTIONS ON COMPUTER SYSTEMS, 1992, 10 (03): : 226 - 264
[25] Formal Security Analysis of Vehicle Diagnostic Protocols
Lauser, Timm
Krauss, Christoph
18TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY & SECURITY, ARES 2023, 2023,
[26] A new formal analysis method for security protocols
Lu Yang
Xiao Junmo
Liu Jing
Advanced Computer Technology, New Education, Proceedings, 2007, : 724 - 729
[27] Formal Verification of Security Protocols: ProVerif and Extensions
Yao, Jiangyuan
Xu, Chunxiang
Li, Deshun
Lin, Shengjun
Cao, Xingcan
ARTIFICIAL INTELLIGENCE AND SECURITY, ICAIS 2022, PT II, 2022, 13339 : 500 - 512
[28] Panel on languages for formal specification of security protocols
Meadows, C
10TH COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS, 1997, : 96 - 96
[29] Security and Privacy of Protocols and Software with Formal Methods
Biondi, Fabrizio
Legay, Axel
LEVERAGING APPLICATIONS OF FORMAL METHODS, VERIFICATION AND VALIDATION: FOUNDATIONAL TECHNIQUES, PT I, 2016, 9952 : 883 - 892
[30] Formal verification logic for hybrid security protocols
Newe, T
Coffey, T
COMPUTER SYSTEMS SCIENCE AND ENGINEERING, 2003, 18 (01): : 17 - 25

← 1 2 3 4 5 →