Cryptographic protocol security analysis based on bounded constructing algorithm

Science in China Series F

Abstract

An efficient approach to analyzing cryptographic protocols is to develop automatic analysis tools based on formal methods. However, this approach runs into a high computational complexity problem because the participants of a protocol are arbitrary, their message structures are complex, and their executions are concurrent. We propose an efficient automatic verification algorithm for analyzing cryptographic protocols based on the recently proposed Cryptographic Protocol Algebra (CPA) model, in which algebraic techniques are used to simplify the description of cryptographic protocols and their executions. Redundant states generated during analysis are greatly reduced by introducing a new algebraic technique called the Universal Polynomial Equation, and the algorithm can be used to verify the correctness of protocols over an infinite state space. We have implemented an efficient automatic analysis tool for cryptographic protocols, called ACT-SPA, based on this algorithm, and used the tool to check more than 20 cryptographic protocols. The analysis results show that this tool is more efficient, and an attack instance not previously reported was found using this tool.


Correspondence to Li Xianxian.

Cite this article

Li, X., Huai, J. Cryptographic protocol security analysis based on bounded constructing algorithm. SCI CHINA SER F 49, 26–47 (2006). https://doi.org/10.1007/s11432-004-0512-y
