Abstract
The strand space model has been proposed as a formal method for verifying the security goals of cryptographic protocols. However, only encryption and decryption operations and hash functions are currently supported for the semantics of cryptographic primitives. Therefore, we establish the extended strand space model (ESSM) framework to describe algebraic operations and advanced threat models. Based on the ESSM, we add algebraic semantics, including the Abelian group and the XOR operation, and a threat model based on algebraic attacks, key-compromise impersonation attacks, and guess attacks. We implement our model using the automatic analysis tool, Scyther. We demonstrate the effectiveness of our framework by analysing several protocols, in particular a three-factor agreement protocol, with which we can identify new attacks while providing trace proofs.
Highlights
Formal analysis has been widely applied to different types of protocol security analyses [1, 2], including 5G authentication and key agreement (AKA) protocol [3, 4], transport-layer security (TLS) version 1.3 [5, 6], Signal Messaging Protocol [7], Secure Forwarding Protocols [8], and Multifactor Authentication Protocols [9]. eoretical research on the formal analysis is under way, and great progress has been made in observation equivalencies [10] and equality theory [11]
ProVerif, an automatic cryptographic protocol verifier [15], verifies that a protocol satisfies a set of given user attributes based on an overapproximation technology. e Tamarin Prover, a security protocol verification tool that supports both falsification and unbounded verification in the symbolic model [16], supports the Diffie-Helman (DH) method [17] and exclusive-OR (XOR) [18] theory based on protocol descriptions of multiset rewriting systems
Based on the classic DolevYao model, in the first section, we model a variety of attacks based on algebraic properties, including small group attacks, Lim-Lee attacks, and others that need to be combined with group properties. e second section introduces the extension of the key-compromise impersonation (KCI) attack, which can describe the situation of specific information exposure. e third section considers the influence of guessing attacks on security protocols and formalizes the attack
Summary
Formal analysis has been widely applied to different types of protocol security analyses [1, 2], including 5G authentication and key agreement (AKA) protocol [3, 4], transport-layer security (TLS) version 1.3 [5, 6], Signal Messaging Protocol [7], Secure Forwarding Protocols [8], and Multifactor Authentication Protocols [9]. eoretical research on the formal analysis is under way, and great progress has been made in observation equivalencies [10] and equality theory [11]. E strand space model [22] is a practical formal method of analysing security protocols. E strand space model is widely used for protocol analysis. We establish the Extended Strand Space Model (ESSM) framework with algebraic strands to represent protocol operations and use different bundles to represent different attacker behaviours. 2. Strand Space Theory is section briefly introduces the basic concepts of strand space theory, the attacker model, and security attribute representation. A protocol guarantees a participant’s (B (e.g., the responder)) agreement for certain data terms x, with participant A if, in a strand space Σ, for every bundle C, containing a responder strand using x in Σ, there exists a unique initiator strand using x in C.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
