Mirosław Kurkowski

SAT-Based Verification of Security Protocols Via Translation to Networks of Automata

In this paper we show a novel method for modelling behaviours of security protocols using networks of communicating automata in order to verify them with SAT-based bounded model checking. These automata correspond to executions of the participants as well as to their knowledge about letters. Given a bounded number of sessions, we can verify both correctness or incorrectness of a security protocol proving either reachability or unreachability of an undesired state. We exemplify all our notions on the Needham Schroeder Public Key Authentication Protocol (NSPK) and show experimental results for checking authentication using the verification tool VerICS.

ProToc—An Universal Language for Security Protocols Specifications

This paper shows a new language for security protocols specifications. First, we present other specification languages. As far as the use is concerned, Common Language and its restrictions are presented. Then, CAPSL language is shown and introduced within the AVISPA Project, HLPSL Language. The paper ends with the original approach toward protocol specifications, which is a new ProToc language as well as its grammar and examples of protocols specifications in the language. ProToc has been used as the language of specification for the tool of automatic verification of concurrent systems VerICS.

Parallel Bounded Model Checking of Security Protocols

The verification of security protocols is a difficult process taking into consideration a concept and computations. The difficulties start just during the appropriate adequate protocol specification, and during studying its properties. In case of the computation connected with constructing and searching of the modeling structures of protocol execution and scattered knowledge of the users, the problems are the sizes of those structures. For small values of parameters such as numbers of sessions, users, or encryption keys the proper models are usually not very big, and searching them is not a problem, however in case of increasing the values of the above mentioned parameters, the models are sometimes too big, and there is no possibility to construct them nor search properly. In order to increase the values of studying protocol parameters, and necessary increase the computation effectiveness, the appropriate solutions must be introduced. In the article, the solutions which enable full and effective parallelization of the computations during automatic verification of security protocols are introduced. The suitable experimental results are also presented.

Timed Automata Based Model Checking of Timed Security Protocols

A new approach to verification of timed security protocols is given. The idea consists in modelling a finite number of users (including an intruder) of the computer network and their knowledge about secrets by timed automata. The runs of the product automaton of the above automata correspond to all the behaviours of the protocol for a fixed number of sessions. Verification is performed using the module BMC of the tool VerICS.

Timed Analysis of Security Protocols

This paper presents some remarks on the analysis of security protocols taking into account their time properties. Usually untimed or timed protocols are investigated with security properties, such as the secrecy of some data or the allowance of mutual authentication. These properties are independent of time. In this paper we investigate different executions, sometimes executed simultaneously, of a protocol and different types of times: ciphering and deciphering time, step execution time, whole protocol execution time, and delays in the network. Taking this into account we can investigate how these times can be chosen regardless of the possibility of an attack execution. As part of the work we have implemented a tool that helps us in the mentioned work and allows to present some experimental results.

Probabilistic Model Checking of Security Protocols without Perfect Cryptography Assumption

This paper presents the description of a new, probabilistic approach to model checking of security protocols. The protocol, beyond traditional verification, goes through a phase in which we resign from a perfect cryptography assumption. We assume a certain minimal, but measurable probability of breaking/gaining the cryptographic key, and explore how it affects the execution of the protocol. As part of this work we have implemented a tool, that helps to analyze the probability of interception of sensitive information by the Intruder, depending on the preset parameters (number of communication participants, keys, nonces, the probability of breaking a cipher, etc.). Due to the huge size of the constructed computational spaces, we use parallel computing to search for states that contain the considered properties.

Using Facial Asymmetry Properties and Hidden Markov Models for Biometric Authentication in Security Systems

This work concerns the use of biometric features, resulting from the look of a face, for the authentication purposes. For this we propose several different methods of selection and feature analysis during face recognition. The description contains mainly the possibility of the analysis and in later stages also identity verification based on asymmetric facial features. The new authentication method has been introduced on the basis of designated characteristic points of face. The method includes propositions of our own algorithms of face detection, as well as face features extraction methods and their specific coding in the form of observation vectors and recognition using Hidden Markov Models.

Practical Authentication Protocols for Protecting and Sharing Sensitive Information on Mobile Devices

Mobility of users and information is an important feature of IT systems that must be considered during design of sensitive information protection mechanisms. This paper describes an architecture of MobInfoSec system for sharing documents with sensitive information using fine-grained access rules described by general access structures. However, the proper usage of general access structures requires trusted components and strong authentication protocols. They allow to establish secure communication channels between different system components. In the paper we propose a conference protocol based on Boyd’s ideas with key transport and key establishment mechanisms. We show that the protocol achieves three goals: (a) the key and participants’ mutual authentication, (b) the common secure communication channel, and (c) the personal secure communication channels between the protocol initializer and other protocol participants.

Public Key Infrastructure

This chapter briefly looks at a PKI network security infrastructure and its basic services: entity authentication, message integrity, and confidentiality. It presents a PKI structure, its basic components, and the tasks of Registration Authority (RA), Certification Authority (CA), key repositories, certificates and Certificate Revocation Lists (CRLs).

Using backward strategy to the Needham-Schroeder public key protocol verification

When dealing with secure distributed systems it is essential that entities (principals, persons, hosts, computers, etc.) are able to prove their identities to each other. The process of proving the identity is called entity authentication. Cryptographic protocols are very good tools to achieve this goal. These protocols are precisely defined sequences of communication and computation steps that use some mechanism such as encryption and decryption. In this paper we present applying a new fast method of verification of cryptographic authentication protocols to verification of the Needham-Schroeder Public Key Authentication Protocol. We present a verification algorithm, its implementation and some experimental results. Our method is a kind of model checking. To decrease the number of states in the space, which describe executions of authentication protocols in real net, we use a partial order reduction. For the verification of correctness property we apply a backward induction method.