A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space

Yongjian Li; Hongjian Jiang; Yongxin Zhao

doi:10.1007/978-3-031-64626-3_18

A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space

Yongjian Li
, Hongjian Jiang
, Yongxin Zhao^*

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Security protocols are essential to ensure privacy, integrity, and authentication. However, to guarantee the security objectives of a protocol, formal tools are necessary. Currently, existing formal tools employ specific input languages to model protocols. Typically, protocols are presented in strand space specification format in textbooks, which depict the messages shared among trusted communication participants during a correct protocol operation. Strand space specifications prioritize conciseness and readability over formal preciseness, and their formal semantics are only considered and clarified in specific contexts. Therefore, a gap exists between strand space specifications and the modelling languages of formal tools. To address this issue, we propose a verified security scheme with the operational semantics of strand space. We successfully tested our framework on several typical protocol benchmarks using the model checker Murphi and identified potential attacks on them. In summary, our framework offers an innovative and comprehensible scheme for model checking security protocols.

Original language	English
Title of host publication	Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings
Editors	Wei-Ngan Chin, Zhiwu Xu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	306-323
Number of pages	18
ISBN (Print)	9783031646256
DOIs	https://doi.org/10.1007/978-3-031-64626-3_18
State	Published - 2024
Event	18th International Symposium on Theoretical Aspects of Software Engineering, TASE 2024 - Guiyang, China Duration: 29 Jul 2024 → 1 Aug 2024

Publication series

Name	Lecture Notes in Computer Science
Volume	14777 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th International Symposium on Theoretical Aspects of Software Engineering, TASE 2024
Country/Territory	China
City	Guiyang
Period	29/07/24 → 1/08/24

Access to Document

10.1007/978-3-031-64626-3_18

Cite this

Li, Y., Jiang, H., & Zhao, Y. (2024). A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space. In W.-N. Chin, & Z. Xu (Eds.), Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings (pp. 306-323). (Lecture Notes in Computer Science; Vol. 14777 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-64626-3_18

Li, Yongjian ; Jiang, Hongjian ; Zhao, Yongxin. / A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space. Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings. editor / Wei-Ngan Chin ; Zhiwu Xu. Springer Science and Business Media Deutschland GmbH, 2024. pp. 306-323 (Lecture Notes in Computer Science).

@inproceedings{08926de8d8b441faa8d1b16b3070fe3c,

title = "A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space",

abstract = "Security protocols are essential to ensure privacy, integrity, and authentication. However, to guarantee the security objectives of a protocol, formal tools are necessary. Currently, existing formal tools employ specific input languages to model protocols. Typically, protocols are presented in strand space specification format in textbooks, which depict the messages shared among trusted communication participants during a correct protocol operation. Strand space specifications prioritize conciseness and readability over formal preciseness, and their formal semantics are only considered and clarified in specific contexts. Therefore, a gap exists between strand space specifications and the modelling languages of formal tools. To address this issue, we propose a verified security scheme with the operational semantics of strand space. We successfully tested our framework on several typical protocol benchmarks using the model checker Murphi and identified potential attacks on them. In summary, our framework offers an innovative and comprehensible scheme for model checking security protocols.",

author = "Yongjian Li and Hongjian Jiang and Yongxin Zhao",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; 18th International Symposium on Theoretical Aspects of Software Engineering, TASE 2024 ; Conference date: 29-07-2024 Through 01-08-2024",

year = "2024",

doi = "10.1007/978-3-031-64626-3\_18",

language = "英语",

isbn = "9783031646256",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "306--323",

editor = "Wei-Ngan Chin and Zhiwu Xu",

booktitle = "Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings",

address = "德国",

}

Li, Y, Jiang, H & Zhao, Y 2024, A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space. in W-N Chin & Z Xu (eds), Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings. Lecture Notes in Computer Science, vol. 14777 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 306-323, 18th International Symposium on Theoretical Aspects of Software Engineering, TASE 2024, Guiyang, China, 29/07/24. https://doi.org/10.1007/978-3-031-64626-3_18

A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space. / Li, Yongjian; Jiang, Hongjian; Zhao, Yongxin.
Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings. ed. / Wei-Ngan Chin; Zhiwu Xu. Springer Science and Business Media Deutschland GmbH, 2024. p. 306-323 (Lecture Notes in Computer Science; Vol. 14777 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space

AU - Li, Yongjian

AU - Jiang, Hongjian

AU - Zhao, Yongxin

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024

Y1 - 2024

N2 - Security protocols are essential to ensure privacy, integrity, and authentication. However, to guarantee the security objectives of a protocol, formal tools are necessary. Currently, existing formal tools employ specific input languages to model protocols. Typically, protocols are presented in strand space specification format in textbooks, which depict the messages shared among trusted communication participants during a correct protocol operation. Strand space specifications prioritize conciseness and readability over formal preciseness, and their formal semantics are only considered and clarified in specific contexts. Therefore, a gap exists between strand space specifications and the modelling languages of formal tools. To address this issue, we propose a verified security scheme with the operational semantics of strand space. We successfully tested our framework on several typical protocol benchmarks using the model checker Murphi and identified potential attacks on them. In summary, our framework offers an innovative and comprehensible scheme for model checking security protocols.

AB - Security protocols are essential to ensure privacy, integrity, and authentication. However, to guarantee the security objectives of a protocol, formal tools are necessary. Currently, existing formal tools employ specific input languages to model protocols. Typically, protocols are presented in strand space specification format in textbooks, which depict the messages shared among trusted communication participants during a correct protocol operation. Strand space specifications prioritize conciseness and readability over formal preciseness, and their formal semantics are only considered and clarified in specific contexts. Therefore, a gap exists between strand space specifications and the modelling languages of formal tools. To address this issue, we propose a verified security scheme with the operational semantics of strand space. We successfully tested our framework on several typical protocol benchmarks using the model checker Murphi and identified potential attacks on them. In summary, our framework offers an innovative and comprehensible scheme for model checking security protocols.

UR - https://www.scopus.com/pages/publications/105001431078

U2 - 10.1007/978-3-031-64626-3_18

DO - 10.1007/978-3-031-64626-3_18

M3 - 会议稿件

AN - SCOPUS:105001431078

SN - 9783031646256

T3 - Lecture Notes in Computer Science

SP - 306

EP - 323

BT - Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings

A2 - Chin, Wei-Ngan

A2 - Xu, Zhiwu

PB - Springer Science and Business Media Deutschland GmbH

T2 - 18th International Symposium on Theoretical Aspects of Software Engineering, TASE 2024

Y2 - 29 July 2024 through 1 August 2024

ER -

Li Y, Jiang H, Zhao Y. A Formally Verified Scheme for Security Protocols with the Operational Semantics of Strand Space. In Chin WN, Xu Z, editors, Theoretical Aspects of Software Engineering - 18th International Symposium, TASE 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 306-323. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-64626-3_18