Pitfalls in Formal Reasoning about Security Protocols

被引：2

作者：

Moebius, Nina ^{[1
]}

Stenzel, Kurt ^{[1
]}

Reif, Wolfgang ^{[1
]}

机构：

[1] Univ Augsburg, Inst Software & Syst Engn, D-8900 Augsburg, Germany

来源：

FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS | 2010年

关键词：

formal verification; security protocols;

D O I：

10.1109/ARES.2010.36

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Formal verification can give more confidence in the security of cryptographic protocols. Application specific security properties like "The service provider does not loose money" can give even more confidence than standard properties like secrecy or authentication. However, it is surprisingly easy to get a meaningful property slightly wrong. The result is that an insecure protocol can be 'proven' secure. We illustrate the problem with a very small application, a copy card, that has only five different messages. The example is taken from a paper where the protocol is secure, but the proved property slightly wrong. We propose to solve the problem by incorporating more of the real-world application into the formal model.

引用

页码：248 / 253

页数：6

共 50 条

[41] Safely composing security protocols
Véronique Cortier
Stéphanie Delaune
Formal Methods in System Design, 2009, 34 : 1 - 36
[42] Safely composing security protocols
Cortier, Veronique
Delaune, Stephanie
FORMAL METHODS IN SYSTEM DESIGN, 2009, 34 (01) : 1 - 36
[43] Developing Security Protocols by Refinement
Sprenger, Christoph
Basin, David
PROCEEDINGS OF THE 17TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'10), 2010, : 361 - 374
[44] Sessions and Separability in Security Protocols
Carbone, Marco
Guttman, Joshua D.
PRINCIPLES OF SECURITY AND TRUST, POST 2013, 2013, 7796 : 267 - 286
[45] Timed Analysis of Security Protocols
Szymoniak, Sabina
Siedlecka-Lamch, Olga
Kurkowski, Miroslaw
INFORMATION SYSTEMS ARCHITECTURE AND TECHNOLOGY - ISAT 2016 - PT II, 2017, 522 : 53 - 63
[46] DYNAMIC TAGS FOR SECURITY PROTOCOLS
Arapinis, Myrto
Delaune, Stephanie
Kremer, Steve
LOGICAL METHODS IN COMPUTER SCIENCE, 2014, 10 (02)
[47] Using formal reasoning on a model of tasks for FreeRTOS
Cheng, Shu
Woodcock, Jim
D'Souza, Deepak
FORMAL ASPECTS OF COMPUTING, 2015, 27 (01) : 167 - 192
[48] Formal Verification of e-Reputation Protocols
Kassem, Ali
Lafourcade, Pascal
Lakhnech, Yassine
FOUNDATIONS AND PRACTICE OF SECURITY (FPS 2014), 2015, 8930 : 247 - 261
[49] Formal Verification of Consensus Protocols: Survey and Perspective
Ge N.
He Y.-K.
Zhai S.-M.
Li X.-Z.
Zhang L.
Ruan Jian Xue Bao/Journal of Software, 2023, 34 (11): : 4989 - 5007
[50] On Formal Analysis of Cryptographic Protocols and Supporting Tool
Xiao Meihua
Jiang Yun
Liu Qiaowei
CHINESE JOURNAL OF ELECTRONICS, 2010, 19 (02): : 223 - 228

← 1 2 3 4 5 →