Type-directed Trace Analysis of Security Protocols in Process Calculus

Abstract

Trace analysis is one of the formal methods to verify security protocols based on the process calculus, in which behaviors of the principals in the protocol are regarded as processes, and the environment is represented by the sequences of actions(trace) that the protocol may execute and a deductive system on the messages the sequences includes. Then it explicitly generates the model in order to check whether any insecure state is reachable.[1, 2, 3, 4]. The main problem of trace analysis is that the execution of a protocol typically generates infinite traces, because the environment is too large to predict. A principal of the protocol waiting for an input at a given moment may expect any of the infinite messages the environment can produce. We can cut down the state space to a convenient finite size by imposing upper-bounds upon the critical parameters. In [2], a symbolic method approach is given to cut down state space of the model. In this paper, we explore an alternative approach to reduce the state space by type matching. The general idea is that when a principal waits for an input, the type of message it expects can be decided by actions the principal performs after the input. On the other hand, when a principal sends messages to the environment, the types of the messages can be predicted. And still we also can infer the type of the message which the environment deduces by deduction rules. So we only need to generate messages from the environment whose type matches the input type. In this approach, we can show that the model state space is cut down to be finite.