A comparison between strand spaces and multiset rewriting for security protocol analysis

Authors:
I. Cervesato;N. Durgin;P. Lincoln;J. Mitchell;A. Scedrov
Affiliations:
Advanced Engineering and Sciences Division, ITT Industries, Inc., Alexandria, VA;Computer Science Department, Stanford University, Stanford, CA;Computer Science Laboratory, SRI International, Menlo Park, CA;Computer Science Department, Stanford University, Stanford, CA;Mathematics Department, University of Pennsylvania, Philadelphia, PA
Venue:
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Year:
2002

Citing 7
Cited 6

Using encryption for authentication in large networks of computers

Communications of the ACM
A Meta-Notation for Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Mixed Strand Spaces

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Honest Functions and their Application to the Analysis of Cryptographic Protocols

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Relating Strands and Multiset Rewriting for Security Protocol Analysis

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
A Formal Analysis of Some Properties of Kerberos 5 Using MSR

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations

Multiset rewriting and the complexity of bounded security protocols

Journal of Computer Security
A comparison between strand spaces and multiset rewriting for security protocol analysis

Journal of Computer Security
A survey of algebraic properties used in cryptographic protocols

Journal of Computer Security
Distributed temporal logic for the analysis of security protocol models

Theoretical Computer Science
Honoring Carolyn Talcott's contributions to science

Formal modeling
Integrating automated and interactive protocol verification

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust

Quantified Score

Hi-index	0.00

Visualization

Abstract

Formal analysis of security protocols is largely based on a set of assumptions commonly referred to as the Dolev-Yao model. Two formalisms that state the basic assumptions of this model are related here: strand spaces [FHG98] and multiset rewriting with existential quantification [CDL+ 99, DLMS99]. Strand spaces provide a simple and economical approach to state-based analysis of completed protocol runs by emphasizing causal interactions among protocol participants. The multiset rewriting formalism provides a very precise way of specifying finite-length protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role, such as client, server, initiator, or responder. Although it is fairly intuitive that these two languages should be equivalent in some way, a number of modifications to each system are required to obtain a meaningful equivalence. We extend the strand formalism with a way of incrementally growing bundles in order to emulate an execution of a protocol with parametric strands. We omit the initialization part of the multiset rewriting setting, which formalizes the choice of initial data, such as shared public or private keys, and which has no counterpart in the strand space setting. The correspondence between the modified formalisms directly relates the intruder theory from the multiset rewriting formalism to the penetrator strands. The relationship we illustrate here between multiset rewriting specifications and strand spaces thus suggests refinements to both frameworks, and deepens our understanding of the Dolev-Yao model.