Conference proceedings: Foundations and applications of security analysis : Revised selected papers

Validating Security Protocols under the General Attacker

Abstract

Security protocols have been analysed using a variety of tools and focusing on a variety of properties. Most findings assume the ever so popular Dolev-Yao threat model. A more recent threat model called the Rational Attacker [1] sees each protocol participant decide whether or not to conform to the protocol upon their own cost/benefit analysis. Each participant neither colludes nor shares knowledge with anyone, a feature that rules out the applicability of existing equivalence results in the Dolev-Yao model. Aiming at mechanical validation, we abstract away the actual cost/benefit analysis and obtain the General Attacker threat model, which sees each principal blindly act as a Dolev-Yao attacker.

The analysis of security protocols under the General Attacker threat model brings forward yet more insights: retaliation attacks and anticipation attacks are our main findings, while the tool support can scale up to the new analysis at a negligible price. The general threat model for security protocols based on set-rewriting that was adopted in AVISPA [2] is leveraged so as to express the General Attacker. The state-of-the-art model checker SATMC [3] is then used to automatically validate a protocol under the new threats, so that retaliation and anticipation attacks can automatically be found.