Term-based composition of security protocols
📝 Abstract
In the context of security protocol parallel composition, where messages belonging to different protocols can intersect each other, we introduce a new paradigm: term-based composition (i.e. the composition of message components also known as terms). First, we create a protocol specification model by extending the original strand spaces. Then, we provide a term composition algorithm based on which new terms can be constructed. To ensure that security properties are maintained, we introduce the concept of term connections to express the existing connections between terms and encryption contexts. We illustrate the proposed composition process by using two existing protocols.
💡 Analysis
In the context of security protocol parallel composition, where messages belonging to different protocols can intersect each other, we introduce a new paradigm: term-based composition (i.e. the composition of message components also known as terms). First, we create a protocol specification model by extending the original strand spaces. Then, we provide a term composition algorithm based on which new terms can be constructed. To ensure that security properties are maintained, we introduce the concept of term connections to express the existing connections between terms and encryption contexts. We illustrate the proposed composition process by using two existing protocols.
📄 Content
1-4244-2577-8/08/ $20.00 ©2008 IEEE Term-based composition of security protocols
B. Genge1, P. Haller1, R. Ovidiu1, I. Ignat2 1“Petru Maior” University of Targu Mures, Romania, bgenge@upm.ro, phaller@upm.ro, oratoi@engineering.upm.ro 2Technical University of Cluj Napoca, Romania, Iosif.Ignat@cs.utcluj.ro
Abstract-In the context of security protocol parallel compo-
sition, where messages belonging to different protocols can
intersect each other, we introduce a new paradigm: term-
based composition (i.e. the composition of message compo-
nents also known as terms). First, we create a protocol speci-
fication model by extending the original strand spaces. Then,
we provide a term composition algorithm based on which
new terms can be constructed. To ensure that security prop-
erties are maintained, we introduce the concept of term con-
nections to express the existing connections between terms
and encryption contexts. We illustrate the proposed composi-
tion process by using two existing protocols.
I. INTRODUCTION
Security protocols are communication protocols in
which participants use encryption to send each other en-
coded information. With the rapid growth of the Internet
and a desperate need to secure communication, in the last
few decades the attention of many researchers has been led
towards the analysis of security protocols [1], [2], [3], [4],
[5], [6].
Recently, there have been several proposals developed
to help the process of security protocol design using for-
mal methods and tools [7], [8], [9], [10], [11], [12], [13].
Most of the proposed techniques use a modular approach
in the design process, where the user is given a set of small
protocols from which more complex protocols can be con-
structed, process also known as composition [9], [10],
[11].
In the existing composition techniques, authors mainly
deal with the sequential and parallel composition of secu-
rity properties viewed as a set of information transmitted
over messages. However, the composition of message
components has not been addressed in a proper manner,
meaning that users have to solve the problem of creating
new messages on their own.
Solving this problem, apparently insignificant, can lead
to protocols which execute in half the time the original,
composed protocols do. In addition, the composition proc-
ess can lead to multiple results, which must be carefully
analyzed on a message level to increase protocol perform-
ance.
In this paper, we introduce a novel composition para-
digm: term-based composition. The composition problem
is addressed at the message level based on syntactical con-
structions and analysis. This new paradigm is addressed in
the context of parallel composition, where protocol mes-
sages intersect each other. The resulting protocol contains
not only a set of unified messages but also a unified set of
security properties (e.g. secrecy, authentication, integrity).
The paper is structured as follows. Section II introduces
the concept of k-strands used to model security protocols.
Security requirements are addressed in section III. In sec-
tion IV we present the problem of generating protocols
using parallel composition and term-based composition
and we propose a term composition algorithm. We exem-
plify the composition process by composing two protocols.
II. KNOWLEDGE STRANDS
In this section we briefly present the concept of knowl-
edge strands (k-strands). For a more detailed presentation,
the reader is directed to consult the authors’ previous work
[6], [17].
A strand is a sequence of transmission and reception
events used to model protocol participants. A collection of
strands is called a strand space. The strand space model
was introduced by Fabrega, Herzog and Guttman in [15]
and extended by the authors with participant knowledge,
specialized basic sets and explicit term construction in [5],
[6]. The resulting model is called a k-strand space. The
rest of this section formally defines the k-strand and k-
strand space concepts.
By analyzing the protocol specifications from the
SPORE library [20] we can conclude that protocol partici-
pants communicate by exchanging terms constructed from
elements belonging to the following sets: R, denoting the
set of participant names; N, denoting the set of nonces (i.e.
“number once used”) and K, denoting the set of crypto-
graphic keys. If required, other sets can be easily added
without affecting the other components.
To denote the encryption type used to create crypto-
graphic terms, we define the following function names:
FuncName ::= sk
(secret key)
(1)
| pk
(public key)
| pvk
(private key)
| h
(hash).
The above-defined basic sets and function names are used in the definition of terms, where we also introduce constructors for pairing and encryption:
( ) { } ( ) :: .| | | | , | FuncName
T T T T T R N K , (2) where the ‘.’ symbol
This content is AI-processed based on ArXiv data.