We introduce the Open-source Fixed-point Model Checker OFMC for symbolic security protocol analysis, which extends the On-the-fly Model Checker (the previous OFMC). The native input language of OFMC is the AVISPA Intermediate Format IF. OFMC also supports AnB, a new Alice-and-Bob-style language that extends previous similar languages with support for algebraic properties of cryptographic operators and with a simple notation for different kinds of channels that can be used both as assumptions and as protocol goals. AnB specifications are automatically translated to IF. OFMC performs both protocol falsification and bounded session verification by exploring, in a demand-driven way, the transition system resulting from an IF specification. OFMC’s effectiveness is due to the integration of a number of symbolic, constraint-based techniques, which are correct and terminating. The two major techniques are the lazy intruder, which is a symbolic representation of the intruder, and constraint differentiation, which is a general search-reduction technique that integrates the lazy intruder with ideas from partial-order reduction. Moreover, OFMC allows one to analyze security protocols with respect to an algebraic theory of the employed cryptographic operators, which can be specified as part of the input. We also sketch the ongoing integration of fixed-point-based techniques for protocol verification for an unbounded number of sessions.
The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols
VIGANO', Luca
2009-01-01
Abstract
We introduce the Open-source Fixed-point Model Checker OFMC for symbolic security protocol analysis, which extends the On-the-fly Model Checker (the previous OFMC). The native input language of OFMC is the AVISPA Intermediate Format IF. OFMC also supports AnB, a new Alice-and-Bob-style language that extends previous similar languages with support for algebraic properties of cryptographic operators and with a simple notation for different kinds of channels that can be used both as assumptions and as protocol goals. AnB specifications are automatically translated to IF. OFMC performs both protocol falsification and bounded session verification by exploring, in a demand-driven way, the transition system resulting from an IF specification. OFMC’s effectiveness is due to the integration of a number of symbolic, constraint-based techniques, which are correct and terminating. The two major techniques are the lazy intruder, which is a symbolic representation of the intruder, and constraint differentiation, which is a general search-reduction technique that integrates the lazy intruder with ideas from partial-order reduction. Moreover, OFMC allows one to analyze security protocols with respect to an algebraic theory of the employed cryptographic operators, which can be specified as part of the input. We also sketch the ongoing integration of fixed-point-based techniques for protocol verification for an unbounded number of sessions.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.