Synthesis of attack actions using model checking for the verification of security protocols



Model checking cryptographic protocols have evolved to a valuable method for discovering counterintuitive security flaws, which makes it possible for a hostile agent to subvert the goals of the protocol. Published works and existing security analysis tools are usually based on general intruder models that embody at least some aspects of the seminal work of Dolev–Yao, in an attempt to detect failures of secrecy. In this work, we propose an alternative intruder model, which is based on a thorough analysis of how potential attacks might proceed. We introduce an intruder model that provides an open-ended base for the integration of multiple basic attack tactics. Those attack tactics have the possibility to be combined, in a way to compose complex attack actions that require a number of procedural steps from the intruder's side, such as a Denial of Service attack. In our model checking approach, protocol correctness is checked by appropriate user-supplied assertions or reachability of invalid end states. The analyst can express security properties of specific attack actions that are not restricted to safety violations captured by a generic model checker. The described intruder model methodology was implemented within the SPIN model checker for verifying two security protocols, Micromint and PayWord. Copyright © 2009 John Wiley & Sons, Ltd.