Automatic testing equivalence verification of spi calculus specifications

Authors:
Luca Durante;Riccardo Sisto;Adriano Valenzano
Affiliations:
IEIIT---CNR, Torino, Italy;Politecnico di Torino, Torino, Italy;IEIIT---CNR, Torino, Italy
Venue:
ACM Transactions on Software Engineering and Methodology (TOSEM)
Year:
2003

Citing 19
Cited 15

The Interrogator: Protocol Secuity Analysis

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A calculus of mobile processes, II

Information and Computation
Symbolic bisimulations

MFPS '92 Selected papers of the meeting on Mathematical foundations of programming semantics
A symbolic semantics for the &pgr;-calculus

Information and Computation
Using CSP to Detect Errors in the TMN Protocol

IEEE Transactions on Software Engineering
Verifying Authentication Protocols in CSP

IEEE Transactions on Software Engineering
A calculus for cryptographic protocols

Information and Computation
Towards a completeness result for model checking of security protocols

Journal of Computer Security
The inductive approach to verifying cryptographic protocols

Journal of Computer Security
Verifying security protocols with Brutus

ACM Transactions on Software Engineering and Methodology (TOSEM)
Proof Techniques for Cryptographic Processes

SIAM Journal on Computing
A bisimulation method for cryptographic protocols

Nordic Journal of Computing
A State-Exploration Technique for Spi-Calculus Testing Equivalence Verification

FORTE/PSTV 2000 Proceedings of the FIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XIII) and Protocol Specification, Testing and Verification (PSTV XX)
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Framework for the Analysis of Security Protocols

CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Using state space exploration and a natural deduction style message derivation engine to verify security protocols

PROCOMET '98 Proceedings of the IFIP TC2/WG2.2,2.3 International Conference on Programming Concepts and Methods
Casper: A Compiler for the Analysis of Security Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Computing Symbolic Models for Verifying Cryptographic Protocols

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations

Improving the security of industrial networks by means of formal verification

Computer Standards & Interfaces
Extended pi-Calculi

ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Tools for cryptographic protocols analysis: A technical and experimental comparison

Computer Standards & Interfaces
Models and Proofs of Protocol Security: A Progress Report

CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Security protocols: principles and calculi tutorial notes

Foundations of security analysis and design IV
A testing theory for a higher-order cryptographic language

ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Trace equivalence decision: negative tests and non-determinism

Proceedings of the 18th ACM conference on Computer and communications security
Automatic detection of attacks on cryptographic protocols: a case study

DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Formally based semi-automatic implementation of an open security protocol

Journal of Systems and Software
Automated verification of equivalence properties of cryptographic protocols

ESOP'12 Proceedings of the 21st European conference on Programming Languages and Systems
Security protocol verification: symbolic and computational models

POST'12 Proceedings of the First international conference on Principles of Security and Trust
Reduction of equational theories for verification of trace equivalence: re-encryption, associativity and commutativity

POST'12 Proceedings of the First international conference on Principles of Security and Trust
First-order reasoning for higher-order concurrency

Computer Languages, Systems and Structures
Protocol implementation generator

NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Proving more observational equivalences with proverif

POST'13 Proceedings of the Second international conference on Principles of Security and Trust

Quantified Score

Hi-index	0.02

Visualization

Abstract

Testing equivalence is a powerful means for expressing the security properties of cryptographic protocols, but its formal verification is a difficult task because of the quantification over contexts on which it is based. Previous articles have provided insights into using theorem-proving for the verification of testing equivalence of spi calculus specifications. This article addresses the same verification problem, but uses a state exploration approach. The verification technique is based on the definition of an environment-sensitive, labeled transition system representing a spi calculus specification. Trace equivalence defined on such a transition system coincides with testing equivalence. Symbolic techniques are used to keep the set of traces finite. If a difference in the traces of two spi descriptions (typically a specification and the corresponding implementation of a protocol) is found, it can be used to automatically build the spi calculus description of an intruder process that can exploit the difference.