Overview |
We propose Rewriting logic as an executable specification formalism for security protocols that offers some novel advantages. The level of specification is detailed enough to capture essential operational aspects and to allow rapid prototyping and debugging by directly executing the specifications.
A message-passing object-oriented approach seems particularly natural
for communication protocols and can be naturally formalized in rewriting
logic. This is illustrated by using the Needham-Schroeder Public-Key protocol
(NSPK) as a running example. Using the rewriting logic-based Maude interpreter,
we can prototype and debug the NSPK protocol specification. But since a
protocol can have many different behaviors, to properly analyze the system
it becomes important to explore not just the single execution provided
by some default strategy, but many other executions. For this purpose we
defined a bounded depth-first search strategy that explores all executions
of a system for a given initial configuration searching for attack situation.
The NSPK Protocol is a cryptographic protocol for the authentication
of pairs of agents in a distributed computer system. For instance, agents
want to be assured of each other's identity before they exchange security-critical
data. Thus, an intruder should not be allowed to impersonate another agent.
For this purpose, initiator and responder of a communication mutually authenticate
each other. NSPK uses public key cryptography, i.e., each agent possesses
a public key which can be accessed by all agents and a secret key, which
is the inverse of the public key. Moreover, nonces are used in the protocol.
Nonces are freshly generated, random numbers to be used in a single run
of the protocol. It is assumed that these numbers are generated in such
a way that they cannot be guessed by other agents. A textbook-style simplified
description of NSPK is:
Message 1: A -> B: A.B.{Na,A}PK(B) |
Message 2: B -> A: B.A.{Na.Nb}PK(A) |
Message 3: A -> B: A.B.{Nb}PK(B) |
Maude Specifications and Samples |
Sample
runs and search scenarios
Papers |
[Maude Home Page] |