2020
DOI: 10.3390/app10186577

Efficient Verification of Cryptographic Protocols with Dynamic Epistemic Logic

Abstract: The security of cryptographic protocols has always been an important issue. Although there are various verification schemes of protocols in the literature, efficiently and accurately verifying cryptographic protocols is still a challenging research task. In this work, we develop a formal method based on dynamic epistemic logic to analyze and describe cryptographic protocols. In particular, we adopt the action model to depict the execution process of the protocol. To verify the security, the intruder’s actions …

Citations: cited by 1 publication (1 citation statement)
References: references 50 publications (55 reference statements)

“…In protocol security analysis simulations, only data transmission and protocol state transitions are modeled within the simulation system; by contrast, in static software security assessment, the properties of the instructions, libraries and instruction sequences are examined to identify potential vulnerabilities. In this sense, the two approaches work complementarily, but cannot be combined due to the fundamental differences in the modeling level and tools (e.g., Petri-Nets, Promela processes and messages, Scyther roles and claims or BAN constructs [105,106] vs. concrete software instructions. Typically, a protocol has first to be verified for correctness and security, and subsequently its implementations need to be checked, to ensure that protocol security guarantees are not undermined due to security issues in the code.…”
Section: Discussion
Citation type: mentioning
confidence: 99%