Role based specification and security analysis of cryptographic protocols using asynchronous product automata

Sigrid Gürgens; Peter Ochsenschläger; Carsten Rudolph

doi:10.1109/DEXA.2002.1045943

Role based specification and security analysis of cryptographic protocols using asynchronous product automata

Sigrid Gürgens, Peter Ochsenschläger, Carsten Rudolph

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

12 Citations (Scopus)

Abstract

Cryptographic protocols are formally specified as a system of protocol agents using asynchronous product automata (APA). APA are a universal and very flexible operational description concept for communicating automata. Their specification, analysis and verification is supported by the SH-verification tool (SHVT). The local state of each agent is structured in several components describing its knowledge of keys, its "view" of the protocol and the goals to be reached within the protocol. Communication is modeled by adding messages to and removing them from a shared state component network. Cryptography is modeled by symbolic functions with certain properties. In addition to the regular protocol agents an intruder is specified, which has no access to the agents' local states but to the network. The intruder may intercept messages and create new ones based on his initial knowledge and on what he can extract from intercepted messages. Violations of the security goals can be found by state space analysis performed by the SHVT. The method is demonstrated using the symmetric Needham-Schroeder protocol, and an attack is presented that does not involve compromised session keys. Our approach defers from others in that protocol specifications do not use implicit assumptions, thus protocol security does not depend on whether some implicit assumptions made are reasonable for a particular environment. Therefore, our protocol specifications explicitly provide relevant information for secure implementations.

Original language	English
Title of host publication	Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	473-479
Number of pages	7
Volume	2002-January
ISBN (Electronic)	0769516688
DOIs	https://doi.org/10.1109/DEXA.2002.1045943
Publication status	Published - 1 Jan 2002
Externally published	Yes
Event	International Workshop on Trust and Privacy in Digital Business 2002 - Aix-en-Provence, France Duration: 2 Sept 2002 → 6 Sept 2002 https://ieeexplore.ieee.org/xpl/conhome/8104/proceeding (Proceedings)

Conference

Conference	International Workshop on Trust and Privacy in Digital Business 2002
Abbreviated title	TrustBus 2002
Country/Territory	France
City	Aix-en-Provence
Period	2/09/02 → 6/09/02
Other	Held within the "International Conference on Database and Expert Systems Applications 2002"
Internet address	https://ieeexplore.ieee.org/xpl/conhome/8104/proceeding (Proceedings)

Keywords

Access protocols
Algorithm design and analysis
Authentication
Automata
Cryptographic protocols
Cryptography
Information security
Performance analysis
Power system modeling
State-space methods

Access to Document

10.1109/DEXA.2002.1045943

Cite this

Gürgens, S., Ochsenschläger, P., & Rudolph, C. (2002). Role based specification and security analysis of cryptographic protocols using asynchronous product automata. In Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002 (Vol. 2002-January, pp. 473-479). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/DEXA.2002.1045943

@inproceedings{61196dd80d0047d0aed7c8be8b6c5d9d,

title = "Role based specification and security analysis of cryptographic protocols using asynchronous product automata",

abstract = "Cryptographic protocols are formally specified as a system of protocol agents using asynchronous product automata (APA). APA are a universal and very flexible operational description concept for communicating automata. Their specification, analysis and verification is supported by the SH-verification tool (SHVT). The local state of each agent is structured in several components describing its knowledge of keys, its {"}view{"} of the protocol and the goals to be reached within the protocol. Communication is modeled by adding messages to and removing them from a shared state component network. Cryptography is modeled by symbolic functions with certain properties. In addition to the regular protocol agents an intruder is specified, which has no access to the agents' local states but to the network. The intruder may intercept messages and create new ones based on his initial knowledge and on what he can extract from intercepted messages. Violations of the security goals can be found by state space analysis performed by the SHVT. The method is demonstrated using the symmetric Needham-Schroeder protocol, and an attack is presented that does not involve compromised session keys. Our approach defers from others in that protocol specifications do not use implicit assumptions, thus protocol security does not depend on whether some implicit assumptions made are reasonable for a particular environment. Therefore, our protocol specifications explicitly provide relevant information for secure implementations.",

keywords = "Access protocols, Algorithm design and analysis, Authentication, Automata, Cryptographic protocols, Cryptography, Information security, Performance analysis, Power system modeling, State-space methods",

author = "Sigrid G{\"u}rgens and Peter Ochsenschl{\"a}ger and Carsten Rudolph",

year = "2002",

month = jan,

day = "1",

doi = "10.1109/DEXA.2002.1045943",

language = "English",

volume = "2002-January",

pages = "473--479",

booktitle = "Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "International Workshop on Trust and Privacy in Digital Business 2002, TrustBus 2002 ; Conference date: 02-09-2002 Through 06-09-2002",

url = "https://ieeexplore.ieee.org/xpl/conhome/8104/proceeding",

}

Gürgens, S, Ochsenschläger, P & Rudolph, C 2002, Role based specification and security analysis of cryptographic protocols using asynchronous product automata. in Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002. vol. 2002-January, IEEE, Institute of Electrical and Electronics Engineers, pp. 473-479, International Workshop on Trust and Privacy in Digital Business 2002, Aix-en-Provence, France, 2/09/02. https://doi.org/10.1109/DEXA.2002.1045943

Role based specification and security analysis of cryptographic protocols using asynchronous product automata. / Gürgens, Sigrid; Ochsenschläger, Peter; Rudolph, Carsten.
Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002. Vol. 2002-January IEEE, Institute of Electrical and Electronics Engineers, 2002. p. 473-479.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Role based specification and security analysis of cryptographic protocols using asynchronous product automata

AU - Gürgens, Sigrid

AU - Ochsenschläger, Peter

AU - Rudolph, Carsten

PY - 2002/1/1

Y1 - 2002/1/1

N2 - Cryptographic protocols are formally specified as a system of protocol agents using asynchronous product automata (APA). APA are a universal and very flexible operational description concept for communicating automata. Their specification, analysis and verification is supported by the SH-verification tool (SHVT). The local state of each agent is structured in several components describing its knowledge of keys, its "view" of the protocol and the goals to be reached within the protocol. Communication is modeled by adding messages to and removing them from a shared state component network. Cryptography is modeled by symbolic functions with certain properties. In addition to the regular protocol agents an intruder is specified, which has no access to the agents' local states but to the network. The intruder may intercept messages and create new ones based on his initial knowledge and on what he can extract from intercepted messages. Violations of the security goals can be found by state space analysis performed by the SHVT. The method is demonstrated using the symmetric Needham-Schroeder protocol, and an attack is presented that does not involve compromised session keys. Our approach defers from others in that protocol specifications do not use implicit assumptions, thus protocol security does not depend on whether some implicit assumptions made are reasonable for a particular environment. Therefore, our protocol specifications explicitly provide relevant information for secure implementations.

AB - Cryptographic protocols are formally specified as a system of protocol agents using asynchronous product automata (APA). APA are a universal and very flexible operational description concept for communicating automata. Their specification, analysis and verification is supported by the SH-verification tool (SHVT). The local state of each agent is structured in several components describing its knowledge of keys, its "view" of the protocol and the goals to be reached within the protocol. Communication is modeled by adding messages to and removing them from a shared state component network. Cryptography is modeled by symbolic functions with certain properties. In addition to the regular protocol agents an intruder is specified, which has no access to the agents' local states but to the network. The intruder may intercept messages and create new ones based on his initial knowledge and on what he can extract from intercepted messages. Violations of the security goals can be found by state space analysis performed by the SHVT. The method is demonstrated using the symmetric Needham-Schroeder protocol, and an attack is presented that does not involve compromised session keys. Our approach defers from others in that protocol specifications do not use implicit assumptions, thus protocol security does not depend on whether some implicit assumptions made are reasonable for a particular environment. Therefore, our protocol specifications explicitly provide relevant information for secure implementations.

KW - Access protocols

KW - Algorithm design and analysis

KW - Authentication

KW - Automata

KW - Cryptographic protocols

KW - Cryptography

KW - Information security

KW - Performance analysis

KW - Power system modeling

KW - State-space methods

UR - http://www.scopus.com/inward/record.url?scp=18444375513&partnerID=8YFLogxK

U2 - 10.1109/DEXA.2002.1045943

DO - 10.1109/DEXA.2002.1045943

M3 - Conference Paper

AN - SCOPUS:18444375513

VL - 2002-January

SP - 473

EP - 479

BT - Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002

PB - IEEE, Institute of Electrical and Electronics Engineers

T2 - International Workshop on Trust and Privacy in Digital Business 2002

Y2 - 2 September 2002 through 6 September 2002

ER -

Gürgens S, Ochsenschläger P, Rudolph C. Role based specification and security analysis of cryptographic protocols using asynchronous product automata. In Proceedings - 13th International Workshop on Database and Expert Systems Applications, DEXA 2002. Vol. 2002-January. IEEE, Institute of Electrical and Electronics Engineers. 2002. p. 473-479 doi: 10.1109/DEXA.2002.1045943

Role based specification and security analysis of cryptographic protocols using asynchronous product automata

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this