Formal Modelling of Network Security Properties (Extended Abstract)

Gyesik Lee
2013 Interdisciplinary Research Theory and Technology   unpublished
Designing and implementing security protocols are errorprone. Moreover, security protocols are supposed to work securely even over insecure networks. Recent research progress has shown that applying formal methods can help in designing and implementing security protocols. The main objective of this paper is to present a general idea of using formal methods in the verification of security protocols. In particular, we show how to formally model intruders and security properties such as secrecy.
more » ... rmal Model-ling of Network Security Properties 3 as nonces and session keys, a set R of role name symbols, a set F of function symbols for such as global constants or hash functions. Given a language, terms are defined inductively. If t 1 and t 2 are terms, (t 1 , t 2 ) stands for composition of pairs and {t 1 } t2 for encryption of t 1 by using t 2 . It is assumed that encryption is perfect. There is a set E of equations over terms which specify identities among terms such as equations respecting Diffie-Hellman key assignments, etc. Given a language, a protocol specification, shortly a protocol, P describes the behaviour of each of the roles such as initiator, responder, key server, etc. In the specification, the behaviour of each role is formalised as a transition system describing how to create messages, how to react to the received messages, and how to manipulate them. It can be assumed that any agent in a role r could see the pattern of any message: nonces, agent names, session keys, pairs, encrypted messages, etc. Therefore, agent including the intruder can infer new knowledge from his initial knowledge together with the received messages. The knowledge inference can be inferred formally as follows:
doi:10.14257/astl.2013.29.05 fatcat:mimb6kjvcrd6zlarml26kkrxle