Abstract

Security protocols are communication protocols that are used when agents communicate sensitive information in hostile environments. They are meant to achieve security goals such as the secrecy of a piece of communicated information or the authenticity of an agent's identity. Their two main characteristics are the use of cryptographic operations such as encryption or digital signatures and the assumption that communication takes place in the presence of a malicious intruder. It is therefore necessary to make sure that the protocol design is correct and will thus achieve its security goals even when under attack by the intruder. Design verification for security protocols is no easy task; a successful attack on the Needham-Shroeder authentication protocol was discovered 17 years after the protocol had been published. We present a, framework for the specification and analysis of security protocols. The specification language is close to the standard "arrow" notation used by protocol designers and practitioners, however, we add some constructs to declare persistent and fresh knowledge for agents. The analysis that we conduct consists of two stages: Modeling and verification. The model we use for protocols is based on game-semantics, in which the emphasis is put on interaction. The protocol is modeled as a game between the intruder and agents. Verification amounts to finding successful strategies for either the agent or the intruder. For instance, if the protocol goal is to achieve fairness in exchanges between possibly cheating agents, then the verification algorithm searches the game tree to insure that each non-cheating agent is not put at a disadvantage with respect to other agents. In order to he able to specify a wide range of security properties of strategies, we propose a logic having modal, temporal and linear characteristics. The logic is also equipped with a tableau-based proof system that serves as a basis for a model checking algorithm. To validate our approach, we designed and implemented a software environment that verifies protocol specifications against required properties. We use this environment to conduct case studies.