Show simple item record

dc.contributor.author: Li, L
dc.contributor.author: Sun, J
dc.contributor.author: Liu, Y
dc.contributor.author: Sun, M
dc.contributor.author: Dong, JS
dc.date.accessioned: 2019-06-11T12:32:41Z
dc.date.available: 2019-06-11T12:32:41Z
dc.date.issued: 2018
dc.identifier.issn: 0098-5589
dc.identifier.doi: 10.1109/TSE.2017.2712621
dc.identifier.uri: http://hdl.handle.net/10072/384547
dc.description.abstract: Nowadays, protocols often use time to provide better security. For instance, critical credentials are often associated with expiry dates in system designs. However, using time correctly in protocol design is challenging, due to the lack of time related formal specification and verification techniques. Thus, we propose a comprehensive analysis framework to formally specify as well as automatically verify timed security protocols. A parameterized method is introduced in our framework to handle timing parameters whose values cannot be decided in the protocol design stage. In this work, we first propose timed applied π-calculus as a formal language for specifying timed security protocols. It supports modeling of continuous time as well as application of cryptographic functions. Then, we define its formal semantics based on timed logic rules, which facilitates efficient verification against various authentication and secrecy properties. Given a parameterized security protocol, our method either produces a constraint on the timing parameters which guarantees the security property satisfied by the protocol, or reports an attack that works for any parameter value. The correctness of our verification algorithm has been formally proved. We evaluate our framework with multiple timed and untimed security protocols and successfully find a previously unknown timing attack in Kerberos V.
dc.description.peerreviewed: Yes
dc.publisher: IEEE
dc.relation.ispartofpagefrom: 725
dc.relation.ispartofpageto: 746
dc.relation.ispartofissue: 8
dc.relation.ispartofjournal: IEEE Transactions on Software Engineering
dc.relation.ispartofvolume: 44
dc.subject.fieldofresearch: Computer Software
dc.subject.fieldofresearch: Information Systems
dc.subject.fieldofresearch: Electrical and Electronic Engineering
dc.subject.fieldofresearchcode: 0803
dc.subject.fieldofresearchcode: 0806
dc.subject.fieldofresearchcode: 0906
dc.title: A Formal Specification and Verification Framework for Timed Security Protocols
dc.type: Journal article
dc.type.description: C1 - Articles
dc.type.code: C - Journal Articles
dc.description.version: Accepted Manuscript (AM)
gro.rights.copyright: © ACM, 2018. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Volume: 44 Issue: 8, https://doi.org/10.1109/TSE.2017.2712621
gro.hasfulltext: Full Text
gro.griffith.author: Dong, Jin-Song


This item appears in the following Collection(s)

  • Journal articles
    Contains articles published by Griffith authors in scholarly journals.
