Modelling and Verification of Layered Security Protocols: A Bank Application
Abstract
Designing security-critical systems correctly is very difficult, and there are many examples of weaknesses arising in practice. A particular challenge lies in the development of layered security protocols, motivated by the need to combine existing or specifically designed protocols that each enforce a particular security requirement. Although appealing from a practical point of view, this approach raises the difficult question of which security properties are guaranteed by the combined layered protocols, as opposed to each protocol in isolation. In this work, we apply a method for facilitating the development of trustworthy security-critical systems using the computer-aided systems engineering tool AutoFocus to the particular problem of layered security protocols. We explain our method using the example of a banking application which is currently under development by a major German bank and is about to be put to commercial use.
Related work
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we briefly review two formal approaches to the verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols by generating all possible behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate the Scyther operational semantics as an example of this...
Formal Testing & Algebraic Modelling Techniques for Verifying Cryptographic Protocols
Before trusting a communications security protocol with potentially critical or sensitive information, it is necessary to have some degree of assurance that the protocol fulfils its intended objectives. To provide this assurance it is necessary to use formal verification techniques, as intuitive reasoning does not satisfactorily guarantee complete freedom from protocol errors. In this paper, a ...
GSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Machine-to-machine (M2M) communication, also known as machine-type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication is handling massive numbers of heterogeneous devices with low network overhead and high security guarantees. Hence, v...
An Empirical Analysis of Automated Verification of Wireless Security Protocols
Formal verification of security protocols is an important step in the design of security protocols. It helps to reduce the potential of designing faulty protocols and thus increases the confidence in their use. Automated techniques reduce the potential for human errors during verification. This paper presents an empirical study of an automated proving system on the analysis of two wireless comm...
Specifying and Modelling Secure Channels in Strand Spaces
We adapt the Strand Spaces model to reason abstractly about layered security protocols, where an Application Layer protocol is layered on top of a secure transport protocol. The model abstracts away from the implementation of the secure transport protocol and just captures the properties that it provides to the Application Layer. We illustrate the usefulness of the model by using it to verify a...