TAuth: Verifying Timed Security Protocols
نویسندگان
چکیده
Quantitative timing is often relevant to the security of systems, like web applications, cyber-physical systems, etc. Verifying timed security protocols is however challenging as both arbitrary attacking behaviors and quantitative timing may lead to undecidability. In this work, we develop a service framework to support intuitive modeling of the timed protocol, as well as automatic verification with an unbounded number of sessions. The partial soundness and completeness of our verification algorithms are formally defined and proved. We implement our method into a tool called TAuth and the experiment results show that our approach is efficient and effective in both finding security flaws and giving proofs.
منابع مشابه
Verifying Security Protocols with Timestamps via Translation to Timed Automata
In this paper we show a general method of proving authentication and integrity of time dependent security protocols by applying powerful model checking tools originally developed for verifying properties of timed automata. Our approach consists in specifying a security protocol, possibly with timestamps, in a higher-level language and translating automatically the specification to a timed autom...
متن کاملModeling and Checking Timed Authentication of Security Protocols⋆
In this paper we offer a methodology for verifying correctness of (timed) security protocols whose actions are parametrized with time. To this aim the model of a protocol involves delays and timeouts on transitions, and sets time constraints on actions to be executed. Our approach consists in specifying a security protocol, possibly with timestamps, in a higher-level language and translating au...
متن کاملTPMC: A Model Checker For Time-Sensitive Security Protocols
In this paper we consider the problem of verifying time–sensitive security protocols, where temporal aspects explicitly appear in the description. In previous work, we proposed Timed HLPSL, an extension of the specification language HLPSL (originally developed in the Avispa Project), where quantitative temporal aspects of security protocols can be specified. In this work, a model checking tool,...
متن کاملVerifying Parameterized Timed Security Protocols
Quantitative timing is often explicitly used in systems for better security, e.g., the credentials for automatic website logon often has limited lifetime. Verifying timing relevant security protocols in these systems is very challenging as timing adds another dimension of complexity compared with the untimed protocol verification. In our previous work, we proposed an approach to check the corre...
متن کاملModelling and Checking Timed Authentication of Security Protocols
In this paper we offer a novel methodology for verifying correctness of (timed) security protocols. The idea consists in computing the time of a correct execution of a session and finding out whether the Intruder can change it to shorter or longer by an active attack. Moreover, we generalize the correspondence property so that attacks can be also discovered when some time constraints are not sa...
متن کامل