Sound Security Protocol Transformations

Abstract: Abstract. We propose a class of protocol transformations, which can be used to (1) develop (families of) security protocols by refinement and (2) abstract existing protocols to increase the efficiency of verification tools. We prove the soundness of these transformations with respect to an expressive security property specification language covering secrecy and authentication properties. Our work clarifies and significantly extends the scope of earlier work in this area. We illustrate the usefulness of our app… Show more

“…In the strictly typed setting without message variables of [28], we proved the simpler substitution property f (tθ) = f (t)f (θ). In combination with Theorem 1, (1) follows directly for θ = f (θ).…”

“…Extending Hui and Lowe's work [22], we proposed in [28] a rich class of protocol abstractions and proved its soundness for a wide range of security properties. We used a type system to uniformly transform all terms of a given type (e.g., a pattern in a role specification and its instance during execution) whereas [22] only covers ground terms.…”

“…For example, ProVerif [9,10] translates models in the applied pi calculus to a set of Horn clauses, SATMC [6] reduces protocol verification to SAT solving, and Paulson [29] models protocols as inductively defined trace sets. Finally, some abstractions aim at speeding up verification by simplifying protocols within a given protocol model before feeding them to verifiers [22,28]. Our work belongs to this class of front-end abstractions.…”

“…We validated our approach using SATMC. The work in [28] exhibits several limitations. (1) We did not support untyped variables, which are required to capture type flaw attacks and to accurately model DiffieHellman exchanges or ticket forwarding.…”

“…We also extend abstractions f to formulas φ ∈ L P of our property language by applying f to all terms occurring in φ (see [28] for a formal definition).…”

Abstractions for Security Protocol Verification

“…In the strictly typed setting without message variables of [28], we proved the simpler substitution property f (tθ) = f (t)f (θ). In combination with Theorem 1, (1) follows directly for θ = f (θ).…”

“…Extending Hui and Lowe's work [22], we proposed in [28] a rich class of protocol abstractions and proved its soundness for a wide range of security properties. We used a type system to uniformly transform all terms of a given type (e.g., a pattern in a role specification and its instance during execution) whereas [22] only covers ground terms.…”

“…For example, ProVerif [9,10] translates models in the applied pi calculus to a set of Horn clauses, SATMC [6] reduces protocol verification to SAT solving, and Paulson [29] models protocols as inductively defined trace sets. Finally, some abstractions aim at speeding up verification by simplifying protocols within a given protocol model before feeding them to verifiers [22,28]. Our work belongs to this class of front-end abstractions.…”

“…We validated our approach using SATMC. The work in [28] exhibits several limitations. (1) We did not support untyped variables, which are required to capture type flaw attacks and to accurately model DiffieHellman exchanges or ticket forwarding.…”

“…We also extend abstractions f to formulas φ ∈ L P of our property language by applying f to all terms occurring in φ (see [28] for a formal definition).…”

Abstractions for Security Protocol Verification

Sound Security Protocol Transformations

Abstractions for security protocol verification