Analysing the Woo-Lam protocol using CSP and rank functions

Siraj Shaikh, Vicky Bush

Abstract

Designing security protocols is a challenging and deceptive exercise. Even small protocols providing straightforward security goals, such as authentication, have been hard to design correctly, leading to the presence of many subtle attacks. Over the years various formal approaches have emerged to analyse security protocols making use of different formalisms. Schneider has developed a formal approach to modeling security protocols using the process algebra CSP. He introduces the notion of rank functions to analyse the protocols. We demonstrate an application of this approach to the Woo-Lam protocol. We describe the protocol in detail along with an established attack on its goals. We then describe Schneider’s rank function theorem and use it to analyse the protocol.



Paper Citation


in Harvard Style

Shaikh S. and Bush V. (2005). Analysing the Woo-Lam protocol using CSP and rank functions. In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 3-12. DOI: 10.5220/0002557000030012


in Bibtex Style

@conference{wosis05,
author={Siraj Shaikh and Vicky Bush},
title={Analysing the Woo-Lam protocol using CSP and rank functions},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={3-12},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002557000030012},
isbn={972-8865-25-2},
}

