Synthesis of attack actions using model checking for the verification of security protocols

Security and Communication Networks

Volumn 4, Issue 2, 2011, Pages 147-161

  Basagiannis, Stylianos ^a   Katsaros, Panagiotis ^a   Pombortsis, Andrew ^a  

^a ARISTOTLE UNIVERSITY OF THESSALONIKI   (Greece)

Author keywords

Cryptographic protocols; Intruder modeling; Model checking

Indexed keywords

CRYPTOGRAPHY; DENIAL-OF-SERVICE ATTACK; NETWORK SECURITY;

CRYPTOGRAPHIC PROTOCOLS; INTRUDER MODELS; POTENTIAL ATTACK; PROTOCOL CORRECTNESS; SAFETY VIOLATIONS; SECURITY ANALYSIS TOOLS; SECURITY PROPERTIES; SECURITY PROTOCOLS;

MODEL CHECKING;

EID: 79251535326     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.119     Document Type: Article

References (37)

1. Dolev D, Yao A. On the security of public-key protocols. IEEE Transactions on Information Theory 1983; 29 (2): 198-208.
2. Basagiannis S, Katsaros P, Pombortsis A. Intrusion attack tactics for the model checking of e-commerce security guarantees. In Proceedings of the 26th International Conference on Computer Safety, Reliability and Security (SAFECOMP), Nuremberg, Germany, LNCS 4680, Springer Verlag, 2007; 238-251
3. The Spin Model Checker: Primer and Reference Manual Addison-Wesley, ISBN 0-321-22862-6.
4. The SPIN model checker official website, available at (last accessed 12/12/2008).
5. Obaidat MS. A methodology for improving computer access security. Computers & Security 1993; 12: 657-662.
6. Roscoe AW. The Theory and Practice of Concurrency. Prentice Hall: Upper Saddle River NJ, USA, 1998.
7. Yi Qian, Kejie Lu, Bo Rong, Tipper D. A design of optimal key management scheme for secure and survivable wireless sensor networks. Security and Communication Networks 2008; 1(1): 75-82.
8. Kremer S, Markowitch O, Zhou J. An intensive survey of fair non-repudiation protocols. Computer Communications 2002; 25(17): 1606-1621.
9. Holzmann GJ. Design and Validation of Computer Protocols. Prentice-Hall: Upper Saddle River, NJ, USA, 1991.
10. Hamdi M, Boudriga N. Computer and network security risk management: theory, challenges, and countermeasures. International Journal of Communication Systems 2005; 18(8): 763-793.
11. Meadows CA. Formal verification of cryptographic protocols: a survey. Advances in Cryptology-International Conference on the Theory and Application of Cryptology (ASIACRYPT), LNCS 917, Springer-Verlag, 1995; 133-150.
12. Cremers CJF. Feasibility of multi-protocol attacks. In Proceedings of the First International Conference on Availability, Reliability and Security, IEEE Computer Society Press, 2006.
13. Basagiannis S, Katsaros P, Pombortsis A, Alexiou N. A probabilistic attacker model for quantitative verification of DoS security threats. In Proceedings of the 32nd Annual International Computer and Applications Software (COMPSAC), Turku, Finland, 2008.
14. Moskowitz R, Nikander P, Jokela P, Henderson T. Host Identity Protocol. Internet Engineering Task Force, 2008; RFC5201.
15. Rivest RL, Shamir A. Payword and Micromint: two simple micropayment schemes. In Proceedings of the Fourth International Workshop on Security Protocols, LNCS 1189, Springer-Verlag, 1996; 69-87.
16. Millen JK, Clark SC, Freedman SB. The interrogator: protocol security analysis. IEEE Transactions on Software Engineering 1987; 13(2): 274-288.
17. Clarke EM, Jha S, Marrero W. Verifying security protocols with Brutus. ACM Transactions on Software Engineering and Methodology 2000; 9(4): 443-487.
18. Mitchell JC, Mitchell M, Stern U. Automated analysis of cryptographic protocols using Murφ, In Proceedings of the IEEE Symposium on Research in Security and Privacy, IEEE Computer Society, 1997; 141-153.
19. Roscoe AW. Modeling and verifying key-exchange protocols using CSP and FDR, In Proceedings of the 8th IEEE Computer Security Foundations Workshop, IEEE Computer Society, 1995; 98-107.
20. Woo TYC, Lam SS. A semantic model for authentication protocols. In Proceedings of the IEEE Symposium on Research in Security and Privacy, 1993.
21. Shmatikov V, Mitchell JC. Finite-state analysis of two contract signing protocols. Theoretical Computer Science 2002; 283: 419-450.
22. Burrows M, Abadi M, Needham R. A logic of authentication. ACM Transaction on Computer Systems 1990; 8(1): 18-36.
23. Nessett Dan M. A critique of the Burrows, Abadi and Needham logic. ACMSIGOPS Operating Systems Review 1990; 24(2): 35-38.
24. Basin D, Modersheim S, Vigano L. OFMC: a symbolic model-checker for security protocols. International Journal of Information Security 2005; 4(3): 181-208.
25. Lowe G. Casper: a compiler for the analysis of security protocols. In Proceedings of the IEEE Computer Security Foundations Workshop, IEEE Computer Society, 1997; 18-30.
26. Meadows C, Kemmerer R, Millen J. Three systems for cryptographic protocol analysis. Journal of Cryptology 1994; 7(2): 79-130.
27. Gritzalis S, Spinellis D, Georgiadis P. Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification. Computer Communications 1999; 22: 697-709.
28. AVISPA: automated validation of Internet security protocols and applications, 2003. FET Open Project IST-2001-3925 2
29. Cederquist JG, Dashti MT. An intruder model for verifying liveness in security protocols. In Proceedings of the fourth ACM workshop on Formal Methods in Security (FMSE '06), Alexandria, Virginia, USA, 2006; 23-32
30. Lowe G. Towards a completeness result for model-checking of Security Protocols, In Proceedings of the 11th Computer Security Foundations Workshop. IEEE Computer Society Press, 1998.
31. Roscoe AW, Goldsmith M. The perfect spy for model-checking cryptoprotocols, In Proceedings of the Workshop on Design and Formal Verification of Security Protocols (DIMACS), 1997.
32. Clark J, Jacob J. A survey of authentication protocol literature: version 1.0, Technical Report, University of York, 1997.
33. Heather J, Lowe G, Schneider S. How to prevent type flaw attacks on security protocols, In Proceedings of the 13th IEEE Computer Security Foundations Workshop, IEEE Computer Society, 2000; 255-268.
34. Carlsen U. Cryptographic protocol flaws-Know your enemy, In Proceedings of the 7th IEEE Computer Security Foundations Workshop, IEEE Computer Society, 1994; 192-200.
35. Syverson P, Cervesato I. The logic of authentication protocols. In Proceedings of the 1st International School on Foundations of Security Analysis and Design (FOSAD 2000) LNCS 2171, Springer-Verlag, 2001, 63-137.
36. Liao Q, Cieslak DA, Striegel AD, Chawla NV. Using selective, short-term memory to improve resilience against DDoS exhaustion attacks. Security and Communication Networks. 2008; 1(4): 287-299.
37. Rivest RL. The MD5 Message-Digest Algorithm, Internet informational RFC 1321, 1992.