Pitfalls in Formal Reasoning about Security Protocols

被引：2

作者：

Moebius, Nina ^{[1
]}

Stenzel, Kurt ^{[1
]}

Reif, Wolfgang ^{[1
]}

机构：

[1] Univ Augsburg, Inst Software & Syst Engn, D-8900 Augsburg, Germany

来源：

FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS | 2010年

关键词：

formal verification; security protocols;

D O I：

10.1109/ARES.2010.36

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Formal verification can give more confidence in the security of cryptographic protocols. Application specific security properties like "The service provider does not loose money" can give even more confidence than standard properties like secrecy or authentication. However, it is surprisingly easy to get a meaningful property slightly wrong. The result is that an insecure protocol can be 'proven' secure. We illustrate the problem with a very small application, a copy card, that has only five different messages. The example is taken from a paper where the protocol is secure, but the proved property slightly wrong. We propose to solve the problem by incorporating more of the real-world application into the formal model.

引用

页码：248 / 253

页数：6

共 50 条

[21] Formal modeling and verification of security protocols on cloud computing systems based on UML 2.3
Fang, Kunding
Li, Xiaohong
Hao, Jianye
Feng, Zhiyong
2016 IEEE TRUSTCOM/BIGDATASE/ISPA, 2016, : 852 - 859
[22] A Practical Approach to Formal Methods: An Eclipse Integrated Development Environment (IDE) for Security Protocols
Garcia, Remi
Modesti, Paolo
ELECTRONICS, 2024, 13 (23):
[23] Towards formal verification of IoT protocols: A Review
Hofer-Schmitz, Katharina
Stojanovic, Branka
COMPUTER NETWORKS, 2020, 174
[24] Automatic Verification of Simulatability in Security Protocols
Araragi, Tadashi
Pereira, Olivier
FOURTH INTERNATIONAL SYMPOSIUM ON INFORMATION ASSURANCE AND SECURITY, PROCEEDINGS, 2008, : 275 - +
[25] A Short Introduction to Two Approaches in Formal Verification of Security Protocols: Model Checking and Theorem Proving
Pourpouneh, Mohsen
Ramezanian, Rasoul
ISECURE-ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2016, 8 (01): : 3 - 24
[26] Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification
Gritzalis, S
Spinellis, D
Georgiadis, P
COMPUTER COMMUNICATIONS, 1999, 22 (08) : 697 - 709
[27] Formal verification and testing of protocols
Avresky, DR
COMPUTER COMMUNICATIONS, 1999, 22 (07) : 681 - 690
[28] Formal Methods for Payment Protocols
Basin, David
PROCEEDINGS OF THE 2023 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, ASIA CCS 2023, 2023, : 326 - 326
[29] Formal reasoning about synthetic biology using higher-order-logic theorem proving
Abed, Sa'ed
Rashid, Adnan
Hasan, Osman
IET SYSTEMS BIOLOGY, 2020, 14 (05) : 271 - 283
[30] Advancing the Automation Capability of Verifying Security Protocols
Wang, Wansen
Huang, Wenchao
Meng, Zhaoyi
Xiong, Yan
Su, Cheng
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (06) : 5059 - 5070

← 1 2 3 4 5 →