Cryptographic protocol security analysis based on bounded constructing algorithm

1 Introduction 1.1 Background Cryptographic protocols have been used to provide security services for many applications on the open communication environment. More and more cryptographic protocols will be designed to solve the increasing security requirem…     

一种时间相关安全协议的自动验证工具

设计并实现了一个时间相关安全协议的自动验证工具。工具以一种时间相关安全协议逻辑TCPL为基础,以XML语言为描述方式,采用构造分层逻辑树的方法,完成了对安全协议目标的自动验证。实现结果表明,该工具简化了安全协议的证明过程,提高了效率,具有较好的实用性。     

SPA:新的高效安全协议分析系统

研制高效的自动分析系统是密码协议安全性分析的一项关键任务,然而由于密码协议的分析非常复杂,存在大量未解决的问题,使得很多现有分析系统在可靠性和效率方面仍存在许多局限性．该文基于一种新提出的密码协议代数模型和安全性分析技术,设计并实现了一个高效的安全协议安全性自动分析系统(Security Protocol Analyzer,SPA)．首先对协议安全目标进行规范,然后从初始状态出发,采用有效的搜索算法进行分析证明,试图发现针对协议的安全漏洞．使用该系统分析了10多个密码协议的安全性,发现了一个未见公开的密码协议攻击实例．实验数据显示,该系统与现有分析工具相比,具有较高的分析可靠性和效率,可作为网络系统安全性评测以及密码协议设计的有效辅助工具．     

TMN密码协议的SMV分析

MV是分析有限状态系统的一种工具,三方密码协议运行模式分析法是分析密码协议的有效方法之一,为了说明这种方法的可行性,使用三方密码协议运行模式分析法,并借助状态探测工具SMV分析了TMN密码协议,并成功地找到了对TMN协议的19种攻击。     

Unification Modulo Homomorphic Encryption

Encryption ‘distributing over pairs’ is a technique employed in several cryptographic protocols. We show that unification is decidable for an equational theory HE specifying such an encryption. The method consists in transforming any given problem in such a way, that the resulting problem can be solved by combining a graph-based reasoning on its equations involving the homomorphisms, with a syntactic reasoning on its pairings. We show HE-unification to be NP-hard and in EXPTIME. We also indicate, briefly, how to extend HE-unification to Cap unification modulo HE, that can be used as a tool for modeling and analyzing cryptographic protocols where encryption follows the ECB mode, i.e., is done block-wise on messages.     

Neuman-Stubblebine协议的串空间模型及分析

串空间模型是一种新兴的密码协议形式化分析工具,其理论中理想和诚实概念的提出大大减少了协议的证明步骤.首次利用串空间理论从机密性和认证性两个方面对Neuman-Stubblebine协议进行了分析.分析结果证明该协议是安全的,而且理想对公开密钥算法和对称密钥算法产生的协议的分析都是有效的.     

Yahalom-Paulson协议的串空间模型与分析

串空间模型是一种新兴的密码协议形式化分析工具,其理论中理想和诚实概念的提出大大减少了协议的证明步骤。首次利用串空间理论从机密性和认证性两个方面对Yahalom-Paulson协议进行了分析。分析结果证明该协议是安全的。     

Security by typing

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.     

设计密码协议的若干原则与方法

传统的密码协议设计主要考虑理想环境下运行的安全性。为了设计实用安全的密码协议,首先对理想环境下密码协议中存在的主要攻击进行研究和总结,提出四条协议设计原则,以避免常见的设计缺陷;然后通过对消息完整性的研究,提出一种协议转换算法,可将理想环境下安全的密码协议转换为现实环境下安全的密码协议,并证明算法的安全性。该转换算法的提出,有助于设计在现实环境下运行安全的密码协议。     

Algebra model and security analysis for cryptographic protocols

With the rapid growth of the Internet and the World Wide Web a large number of cryptographic protocols have been deployed in distributed systems for various application requirements, and security problems of distributed systems have become very important issues. There are some natural problems: does the protocol have the right properties as dictated by the requirements of the system? Is it still secure that multiple secure cryptographic protocols are concurrently executed? How shall we analy…     

一种基于规划理论的密码协议形式模型

将规划理论引入到密码协议形式化分析领域,结合密码协议在实际网络环境中的运行特点和规律,提出了密码协议攻击规划理论;建立了一种对密码协议进行安全性验证的形式化模型,即密码协议攻击规划问题模型;给出了模型的一阶语法、形式定义及相关运算语义.同时,分析了Dolev-Yao模型的不足之处,基于基本消息元素策略对其进行了改进;并通过增强应用语义来保证改进模型的可行性,从而避免了"状态空间爆炸"问题的发生,提高了密码协议攻击规划问题模型的完备性;并给出了基于该模型的NS公钥协议分析实例.提出的密码协议形式模型是证伪的,目的在于对密码协议进行验证,并查找协议中可能存在的漏洞,既可以方便地进行手工推导证明,也非常易于自动化实现.     

Tools for cryptographic protocols analysis: A technical and experimental comparison

The tools for cryptographic protocols analysis based on state exploration are designed to be completely automatic and should carry out their job with a reasonable amount of computing and storage resources, even when run by users having a limited amount of expertise in the field. This paper compares four tools of this kind to highlight their features and ability to detect bugs under the same experimental conditions. To this purpose, the ability of each tool to detect known flaws in a uniform set of well-known cryptographic protocols has been checked. Results are also given on the relative performance of the tools when analysing several known-good protocols with an increasing number of parallel sessions.     

一种基于问题求解理论的密码协议形式模型

提出了一种基于问题求解理论的密码协议模型，给出了模型的基本语法以及基于ρ演算的形式语义，明确了模型推理过程中涉及到的一些关键性的概念和命题。该模型具有以下特点：能够对密码协议进行精确的形式化描述；具有合理可靠的可证明语义；对密码协议安全性的定义精确合理；便于实现自动化推理。所有这些均确保了基于该模型的密码协议安全性分析的合理性和有效性，为正确的分析密码协议的安全性提供了可靠依据。     

基于图元的事件图生成算法

与单轮运行情形不同,多轮并发运行的密码协议存在更为复杂的安全性问题。并发运行密码协议的形式化分析对象包括密码协议的多轮并发运行和多个密码协议的并发运行两种情形,且二者具有统一的形式化模型。基于扩展的串空间模型和Spi演算理论,提出用于并发运行密码协议安全属性验证的事件图模型。图元是事件图的构造单元,它满足消息事件之间的通信关系和前驱关系约束以及消息语句的新鲜性约束。定义消息事件之间、图元之间以及消息事件和图元之间的前缀、组合和选择运算,并给出事件图生成算法。     

Computationally sound implementations of equational theories against passive adversaries

In this paper we study the link between formal and cryptographic models for security protocols in the presence of passive adversaries. In contrast to other works, we do not consider a fixed set of primitives but aim at results for arbitrary equational theories. We define a framework for comparing a cryptographic implementation and its idealization with respect to various security notions. In particular, we concentrate on the computational soundness of static equivalence, a standard tool in cryptographic pi calculi. We present a soundness criterion, which for many theories is not only sufficient but also necessary. Finally, to illustrate our framework, we establish the soundness of static equivalence for the exclusive OR and a theory of ciphers and lists.     

一种多项式时间复杂度的密码协议秘密性验证方法

密码协议的秘密性验证是网络安全领域的一个难题,本文在提出协议行为结构的基础上,通过对协议行为及其结构的分析,提出了一种新的密码协议的秘密性验证算法,该算法的时间复杂度是多项式时间的,从而简化了秘密性验证过程,文中最后,作为实例,给出了TMN密码协议的秘密性验证。     

基于CCS的加密协议分析

加密协议的分析需要形式化的方法和工具.该文定义了加密协议描述语言PEP (principals+environment=protocol),并说明对于一类加密协议,其PEP描述可以转化为有穷的基本CCS进程,由此可以在基于CCS的CWB(concurrency workbench)工具中分析加密协议的性质.此方法的优点在于隐式地刻画攻击者的行为,试图通过模型检查(model checking)发现协议潜在的安全漏洞,找到攻击协议的途径.     

一种分析密码协议的新逻辑

提出了一种分析密码协议的新逻辑。针对信息安全的需要,给出了一套与加解密、签名等密码学操作有关的构造和推理规则,举例说明此逻辑在分析密码协议中的应用,并讨论了需要进一步研究的问题。     

Improving the security of industrial networks by means of formal verification

Computer networks are exposed to serious security threats that can even have catastrophic consequences from both the points of view of economy and safety if such networks control critical infrastructures, such as for example industrial plants. Security must then be considered as a fundamental issue starting from the earlier phases of the design of a system, and suitable techniques and tools should be adopted to satisfy the security-related requirements. The focus of this paper is on how formal methods can help in analysing the standard cryptographic protocols used to implement security-critical services such as authentication and secret keys distribution in critical environments. The analysis of the 802.11 shared key authentication protocol by S³A, a fully automatic software tool that is based on a formal approach, is illustrated as a case study, which also highlights the peculiarities of analysing protocols based on wireless channels.     

基于

Formal methods and tools are key aspects for the analysis of cryptographic protocols. In this paper, a formal language PEP (principals+environment=protocol) for the specification of cryptographic protocols is proposed. For some cryptographic protocols, their PEP specifications can be translated into finite basic CCS processes, so it is possible to analyze the security properties using CCS-based tools such as CWB (concurrency workbench). The advantage of the mothod proposed in this paper is that the actions of the attacker can be implicitly specified, and if the potential back door of the protocol analyzed exists, the attacking action trace can be explicitly found out by model checker.