基于SAT的安全协议惰性形式化分析方法

doi:10.11959/j.issn.1000-436x.2014.11.013

Journal on Communications ›› 2014, Vol. 35 ›› Issue (11): 117-125.doi: 10.11959/j.issn.1000-436x.2014.11.013

• security protocol • Previous Articles Next Articles

SAT-based lazy formal analysis method for security protocols

Chun-xiang GU^1,²,Huan-xiao WANG¹,Yong-hui ZHENG^1,²,Dan XIN¹,Nan LIU^1,²

¹ Institute for Network Security，PLA Information Engineering University，Zhengzhou 450001，China
² State Key Laboratory of Mathematical Engineering and Advanced Computing，Wuxi 214125，China

Online:2014-11-25 Published:2017-06-20
Supported by:
Henan Provincial Science and Technology Innovation Fund for Outstanding Young;Foundation and Research in Cutting-edge Technologies in the Project of Henan Province

Abstract

Abstract:

A SAT-based security protocol formalization analysis method named SAT-LMC is proposed.The method introduces optimized the initial state and transformational rules with “lazy” idea.The efficiency of detection is significantly improved.Moreover，by adding support for strong type flaw attack defect，the attack detection becomes more comprehensive.A security protocol analysis tool is implemented based on the method; a type flaw attack is detected for protocol Otway-Rees.For OAuth2.0 protocol，analysis shows that there is a kind of man-in-the-middle attack of the authorization code in some application scenarios.

Key words: security protocols, formalization analysis, Boolean satisfiability problem, lazy analyze, type flaw attack

Chun-xiang GU,Huan-xiao WANG,Yong-hui ZHENG,Dan XIN,Nan LIU. SAT-based lazy formal analysis method for security protocols[J]. Journal on Communications, 2014, 35(11): 117-125.

Figures/Tables 4

References 14

[1]	SUN S T ， HAWKEY K ， BEZNOSOV K . Systematically breaking and fixing OpenID security:formal analysis，semi-automated empirical evaluation，and practical countermeasures[J]. Computers & Security， 2012，31(4): 465-483.
[2]	TASSANAVIBOON A ， GONG G . OAuth and ABE based authorization in semi-trusted cloud computing:aauth[A]. Proceedings of the second international workshop on Data intensive computing in the clouds[C]. ACM， 2011. 41-50.
[3]	ARMANDO A ， COMPAGNA L . SATMC:A SAT-based model checker for security protocols[M]. Logics in Artificial Intelligence. Springer Berlin Heidelberg， 2004. 730-733.
[4]	ARMANDO A ， BASIN D ， BOICHUT Y ，et al. The AVISPA tool for the automated validation of internet security protocols and applications[A]. Computer Aided Verification[C]. Springer Berlin Heidelberg， 2005. 281-285.
[5]	BRADLEY A R . SAT-based model checking without unrolling[A]. Verification，Model Checking，and Abstract Interpretation[C]. Springer Berlin Heidelberg， 2011. 70-87.
[6]	VIZEL Y ， GRUMBERG O ， SHOHAM S . Lazy abstraction and SAT-based reachability in hardware model checking[A]. Proceedings of the 12th Conference on Formal Methods in Computer-Aided Design[C]. 2012. 173-181.
[7]	JOHNSON S ， WILSON G ， TANG Y ，et al. SATMC:A Monte Carlo Markov chain approach to SED fitting[A]. American Astronomical Society Meeting Abstracts[C]. 2013.221.
[8]	LOWE G . An attack on the Needham-Schroeder public-key authentication protocol[J]. Information Processing Letters， 1995，56(3): 131-133.
[9]	ZORN G . Microsoft PPP CHAP extensions，version 2[EB/OL]. . 2000
[10]	BIRRELL A D ， NELSON B J . Implementing remote procedure calls[J]. ACM Transactions on Computer Systems-TOCS， 1984，2(1): 39-59.
[11]	HAMMER-LAHAV D E ， HARDT D.The OAuth2 . 0 Authorization Protocol[R]. IETF Internet Draft， 2011.
[12]	HEATHER J ， LOWE G ， SCHNEIDER S . How to prevent type flaw attacks on security protocols[J]. Journal of Computer Security， 2003，11(2): 217-244.
[13]	DOLEV D ， YAO A C . On the security of public key protocols[A]. Proceedings of the IEEE 22nd Annual Symposium on Foundations of Computer Science[C]. Nashville，TN， 1981, 350-357.
[14]	DAWS C ， OLIVERO A ， TRIPAKIS S ，et al. The Tool KRONOS[M]. Springer Berlin Heidelberg， 1996. 208-219.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	定义
A→B :Message	实体A向实体B发送消息Message
{Message}_K	使用密钥K加密消息Message
{Message1.Message2}	Message1与Message2连接
new()	生成一个具有随机性的变量值
cons (k，S)	将变量k放入集合S中
in (k，S)	从集合 S 中按堆栈的顺序取出一个元素并赋值给k
delete (k，S)	将k从集合S中删除
ik (m)	攻击者知道消息m
msg (j，s，r，m)	在协议的第j步，实体s向实体r发送了消息m
secret(m，[s₁，…，s_i])	消息m在实体[s₁，…，s_i]之间秘密保存
witness (s，r，o，m)	实体s将变量o赋值为m，并请求与实体r认证
request (r，s，o，m，c)	在会话c中，实体r接收变量o的值为m并实现与s的认证

协议	检测状态/个	发现攻击路径	时间消耗/s
Otway-Rees	71/11	N/TFA	0.56/0.22
NSPK^[8]	21/8	MITM/MITM	0.31/0.14
CHAPv2^[9]	547/125	N/N	1.78/0.92
RPC^[10]	13/11	N/TFA	0.29/0.25
OAuth2.0^[11]	12214/8562	N/M	4.53/3.13

SAT-based lazy formal analysis method for security protocols

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 14

Related Articles 5

Metrics

Recommended 0

[1]	. SAT-based lazy formal analysis method for security protocols [J]. Journal on Communications, 2014, 35(11): 13-116.
[2]	. SIM: a secure IP protocol for MANET [J]. Journal on Communications, 2013, 34(Z1): 15-125.
[3]	Rong-sen LI,Wen-hua DOU. SIM: a secure IP protocol for MANET [J]. Journal on Communications, 2013, 34(Z1): 116-125.
[4]	Li-li YAN,Dai-yuan PENG,Yue-xiang GAO. Analysis and improvement of sensor networks security protocol [J]. Journal on Communications, 2011, 32(5): 139-145.
[5]	Chao FENG,Quan ZHANG,Chao-jing TANG. Computationally sound mechanized proofs for Diffie-Hellman key exchange protocols [J]. Journal on Communications, 2011, 32(10): 118-126.