English

Soft Constraint Programming to Analysing Security Protocols

Cryptography and Security 2018-02-27 v1 Artificial Intelligence

Abstract

Security protocols stipulate how the remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms, each of different strength. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham-Schroeder protocol, we have recently discovered a new attack on that protocol as a form of retaliation by principals who have been attacked previously. Having commented on that attack, we then demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos.

Keywords

Cite

@article{arxiv.cs/0312025,
  title  = {Soft Constraint Programming to Analysing Security Protocols},
  author = {Giampaolo Bella and Stefano Bistarelli},
  journal= {arXiv preprint arXiv:cs/0312025},
  year   = {2018}
}

Comments

29 pages, To appear in Theory and Practice of Logic Programming (TPLP) Paper for Special Issue (Verification and Computational Logic)