State Space Reduction with Message Inspection in Security Protocol Model Checking
📝 Abstract
Model checking is a widespread automatic formal analysis that has been successful in discovering flaws in security protocols. However existing possibilities for state space explosion still hinder analyses of complex protocols and protocol configurations. Message Inspection, is a technique that delimits the branching of the state space due to the intruder model without excluding possible attacks. In a preliminary simulation, the intruder model tags the eavesdropped messages with specific metadata that enable validation of feasibility of possible attack actions. The Message Inspection algorithm then decides based on these metadata, which attacks will certainly fail according to known security principles. Thus, it is a priori known that i.e. an encryption scheme attack cannot succeed if the intruder does not posses the right key in his knowledge. The simulation terminates with a report of the attack actions that can be safely removed, resulting in a model with a reduced state space.
💡 Analysis
Model checking is a widespread automatic formal analysis that has been successful in discovering flaws in security protocols. However existing possibilities for state space explosion still hinder analyses of complex protocols and protocol configurations. Message Inspection, is a technique that delimits the branching of the state space due to the intruder model without excluding possible attacks. In a preliminary simulation, the intruder model tags the eavesdropped messages with specific metadata that enable validation of feasibility of possible attack actions. The Message Inspection algorithm then decides based on these metadata, which attacks will certainly fail according to known security principles. Thus, it is a priori known that i.e. an encryption scheme attack cannot succeed if the intruder does not posses the right key in his knowledge. The simulation terminates with a report of the attack actions that can be safely removed, resulting in a model with a reduced state space.
📄 Content
State Space Reduction with Message Inspection in
Security Protocol Model Checking
Stylianos Basagiannis
Panagiotis Katsaros
Andrew Pombortsis
Department of Informatics, Aristotle University of Thessaloniki, 54124 Thessaloniki, Greece, {basags, katsaros, apombo}csd.auth.gr Abstract. Model checking is a widespread automatic formal analysis that has been successful in discovering flaws in security protocols. However existing possibilities for state space explosion still hinder analyses of complex protocols and protocol configurations. Message Inspection, is a technique that delimits the branching of the state space due to the intruder model without excluding possible attacks. In a preliminary simulation, the intruder model tags the eavesdropped messages with specific metadata that enable validation of feasibility of possible attack actions. The Message Inspection algorithm then decides based on these metadata, which attacks will certainly fail according to known security principles. Thus, it is a priori known that i.e. an encryption scheme attack cannot succeed if the intruder does not posses the right key in his knowledge. The simulation terminates with a report of the attack actions that can be safely removed, resulting in a model with a reduced state space. Keywords: security protocols, verification, model checking, intrusion attacks 1 Introduction Security analyses of existing cryptographic protocols have shown that protocols’ flaws can be revealed despite the cryptographic primitives used. While perfect encryptions by key-based cryptographic schemes or use of hash functions are considered techniques have been proved secure, the communication procedure may contain logical-based errors that can be exploited by an intruder model. In the related bibliography [1, 2] there are examples of protocols that were published with errors, which remained undiscovered for many years. Thus, formal ways of reasoning [3] for whether a given protocol meets its security goals is an absolute necessity. Model checking is a fully automatic analysis technique that has been successful in discovering flaws in communication protocols. However, ongoing research has not stopped to look for new ways to tackle the problem of state space explosion, which still prevents analyses of complex protocols and protocol configurations (e.g. higher bounds in the number of ongoing protocol sessions). In general-purpose model checking [4], state space explosion comes from the asynchronous composition of the modeled concurrent processes and the inherent symmetry redundancy of models in many different problem domains. Model checking security guarantees such as secrecy and authentication is based on the hardest possible assumptions for the dominance of the intruder over the communication between the protocol participants. These assumptions represent the general Dolev-Yao intruder model [5]: the intruder can intercept any message transmitted on a public communication channel and can also replace it with a message constructed from his initial knowledge and parts of the messages sent by the participants in the same or in other protocol sessions (intruder’s knowledge base). The new messages are created by applying one or more out of four (4) basic operations: encryption, decryption, concatenation and projection. Also, a typical Dolev-Yao intruder model includes additional assumptions, such as the un-breakability of the encryption used and the possibility the intruder to prevent an original message from reaching its destination. With the mentioned assumptions, any attempt to enumerate all possible attacks in all protocol steps results in an enormous branching of the state space. In the general case, for a given set of eavesdropped messages, the Dolev-Yao operations may be combined recursively, thus producing infinitely many possible fake messages. In explicit state model checking, analysts bound the size of fake messages, in order to set their models finite. However, memory space becomes crucial, due to the need to store information for each state, including the local states of all protocol participants and the accumulated knowledge of the intruder, for the protocol execution. In current article, we introduce the Message Inspection (MI) intruder model, which is essentially a Dolev-Yao style man-in-the-middle intruder based on the idea of improving his knowledge with protocol-specific metadata that provide information for the exchanged messages. In a preliminary simulation run, the intruder tags the eavesdropped messages with specific metadata parameters enabling him to validate all possible attack actions. The MI algorithm then decides based on this enhanced knowledge, which of the attacks will certainly fail and the simulation run terminates with a report of the attack actions that can be discarded. As a result, it is possible to improve the pruning of the state space by exploiting kno
This content is AI-processed based on ArXiv data.