Formal verification: an imperative step in the design of security protocols

Authors:
Tom Coffey;Reiner Dojen;Tomas Flanagan
Affiliations:
Data Communication Security Laboratory, Department of Electronic and Computer Engineering, University of Limerick, Limerick, Ireland;Data Communication Security Laboratory, Department of Electronic and Computer Engineering, University of Limerick, Limerick, Ireland;Data Communication Security Laboratory, Department of Electronic and Computer Engineering, University of Limerick, Limerick, Ireland
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2003

Citing 10
Cited 6

The Interrogator: Protocol Secuity Analysis

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A logic of authentication

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Optimal privacy and authentication on a portable communications system

ACM SIGOPS Operating Systems Review
The inductive approach to verifying cryptographic protocols

Journal of Computer Security
Using encryption for authentication in large networks of computers

Communications of the ACM
C Programming

Dr. Dobb's Journal
A logic for modeling the dynamics of beliefs in cryptographic protocols

ACSC '01 Proceedings of the 24th Australasian conference on Computer science
On the design of security protocols for mobile communications

ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION

DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Authentication and payment in future mobile systems

Journal of Computer Security

Analysis of a mobile communication security protocol

ISICT '03 Proceedings of the 1st international symposium on Information and communication technologies
The concept of layered proving trees and its application to the automation of security protocol verification

ACM Transactions on Information and System Security (TISSEC)
Determining a parallel session attack on a key distribution protocol using a model checker

Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia
A logic-based verification framework for authentication protocols

International Journal of Internet Technology and Secured Transactions
Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications

Computers and Electrical Engineering
A new mobile payment system with formal verification

International Journal of Internet Technology and Secured Transactions

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques, on the other hand, provide a systematic way of discovering protocol flaws.This paper discusses the process of formal verification using modal logics. The verification process is demonstrated by way of case studies on three security protocols, which are designed for use in mobile communications. Our formal analysis discovers all known flaws in the three chosen protocols. Further, a hitherto unknown flaw is identified in these protocols. This flaw causes a protocol failure, which can be exploited in an attack where an adversary impersonates a legitimate protocol participant. A new protocol, resistant to this attack, is proposed and formally verified, giving confidence in the correctness of the protocol.The result of these case studies, where formal verification successfully discovers all these flaws, demonstrates that using formal verification techniques is an imperative step in the design of security protocols.