Electronic Notes in Theoretical Computer Science 40 (2001) URL: http://www.elsevier.nl/locate/entcs/volume40.html 44 pages
Typed Multiset Rewriting Specifications of Security Protocols
Iliano Cervesato 1 ,2
Advanced Engineering and Sciences Division ITT Industries, Inc. Alexandria, VA 22303-1410 — USA
Abstract The language MSR has successfully been used in the past to prove undecidability results about security protocols modeled according to the Dolev-Yao abstraction. In this paper, we revise this formalism into a flexible specification frameworkfor complex crypto-protocols. More specifically, we equip it with an extensible typing infrastructure based on dependent types with subsorting, which elegantly captures and enforces basic relations among objects, such as between a public key and its inverse. We also introduce the notion of memory predicate, where principals can store information that survives role termination. These predicates allow specifying complex protocols structured into a coordinated collection of subprotocols. More- over, they permit describing different attacker models using the same syntax as any other role. We demonstrate this possibility and the precision of our type system by presenting two formalizations of the Dolev-Yao intruder. We discuss two execution models for this revised version of MSR, one sequential and one parallel, and prove that the latter can be simulated by the former.
1 Introduction
The language MSR [8,15,9] is a formalism designed to give simple specifica- tions of authentication protocols within the Dolev-Yao abstraction of computer security [20,14]. It models a protocol as a set of parametric multiset rewriting rules augmented with existential quantification as a device to guarantee the freshness of newly generated data. Indeed, MSR is an acronym for MultiSet Rewriting. As usual, multisets (also called bags ) are algebraic structures that differ from sets by not collapsing multiple occurrences of an object (they can
1 Partially supported by NSF grant INT98-15731 “Logical Methods for Formal Verification of Software” and NRL under contract N00173-00-C-2086. 2 Email: [email protected]