A review of Proverif as an automatic security protocol verifier

Recommendations

Info

When static equivalence holds for some sequence of messages then it is not possible for the attacker to find an underlying pattern. For example, guessing attacks are possible if the attacker can detect some pattern in the data. The study, comparing YAPA to ProVerif, concludes that YAPA is one or two orders of magnitude faster than ProVerif in checking static equivalences[5]. This can be explained by the fact that YAPA is dedicated to proving static equivalences and that it is no surprise that the more general tool ProVerif is slower[5]. The authors state that the more complex preprocessing of the rewrite system in ProVerif is one of the reasons why it is slower than YAPA [5]. A comparison between the efficiency of Athena and other verifiers was not possible due to fact that Athena is not publicly available 11 . Scyther improves on Athena [17]. We believe that Athena’s performance is not faster than the results from Scyther but we can’t know for sure without concrete experimental results. Efficiency of ProVerif with extensions . In Section 4 we have described how ProVerif was extended to be able to transform a protocol specification using XOR and Diffie-Hellman to an input file for analysis with ProVerif. To compare ProVerif with CL-Atse and OFMC, [30] used XOR-ProVerif[28] and DH-ProVerif[29] to translate the input files, with XOR or Diffie-Hellman, to the applied pi calculus input files for ProVerif. They concluded that in general the same attacks were found using OFMC, CL-Atse or ProVerif (XOR-ProVerif or DH-ProVerif). For most of the protocols, ProVerif completed the verification within one second but the AVISPA tools did so within less than 0.01 seconds. ProVerif was slower because of the translation of the input files [30]. The time required for translation depends on the protocol being verified, but often it is a small part of the total running time (e.g. Salary sum protocol: 1 second for translation + 11 seconds for the running time, Bull’s authentication protocol: 5 seconds for translation + 12 seconds for the running time). 5.2 Specificity Attack traces provide feedback to the user of a verifier and they enable the user to manually check the attack. This feedback can help the user fix the security flaw in the protocol being verified. Both ProVerif and Scyther show attack traces when an attack is found [18]. Because of its use of approximations, it is possible that ProVerif shows an false attack, but this is rare for current widely used security protocols [7]. Because Scyther uses no approximations, it follows that attacks that are found with Scyther are actual attacks on the protocol[17]. For the verifier TA4SP (part of the AVISPA toolkit) there is no way to determine if an attack is true or false. Like ProVerif, TA4SP uses approximations, but the user cannot manually verify the attack because TA4SP doesn’t generate traces of an attack [18]. 11 This statement is made in [18] and in [16]. However, the software seems to be available at http://www.ece.cmu.edu/ ∼ dawnsong/athena/.
5.3 Usability To our knowledge, no comparative study has been done in the area of the usability of automatic security protocol verifiers. We decided to compare the documentation (user manuals, example code) provided by the authors on the website. With good documentation available, users can start using the verifier more easily by exploring the examples and manuals provided. ProVerif (v1.82) 12 provides a folder containing examples for both input languages (Horn clauses and pi calculus). There is also an folder containing a manual describing the input and output formats and a manual on how to upgrade from an older version of ProVerif. The website 13 of the AVISPA project provides a lot of input examples of existing protocols for the HLPSL language in the form of the AVISPA Library. They also provide a list of user-contributed protocol specifications. The authors provide installation manuals for each of the tools in the toolkit, a general user manual and a beginners guide to the HLPSL language. Scyther (1.0-beta7) 14 . Scyther is relatively new and not much documentation is available besides a short installation file. The author does provide an exercise set for students with six exercises in it. We could not find much information on the process of modeling the protocol into the input language of a verifier. We did find remarks of researchers who had difficulty modeling protocols in ProVerif, relative to five other verifiers, even though they had good knowledge of the protocols [18]. Because ProVerif provides the essential information, such as: an installation guide, a description of input formats and protocol examples, we think that ProVerif has good documentation. The lack of information for Scyther makes it difficult for a beginner to start using the automatic security protocol verifier. We think that the use of user-contributed protocol specifications, like the AVISPA Project, can get more people to use ProVerif. For example, beginners can learn from the examples and comments given by others. 6 Conclusion In this paper, we have performed an analysis of some factors that might influence the usefulness and popularity of the automatic protocol verifier ProVerif. After discussing the particular aspects of ProVerif, we looked at some practical applications of ProVerif for protocol verification. We have surveyed the literature on limitations on ProVerif, and we briefly summarized some of the work on comparison of protocol verifiers. 12 ProVerif v.1.82. Download: http://www.proverif.ens.fr 13 AVISPA Project. Download: http://www.avispa-project.org 14 Scyther 1.0-beta7. Download: http://people.inf.ethz.ch/cremersc/scyther/ index.html
Page 1 and 2: A review of ProVerif as an automati
Page 3 and 4: ProVerif uses the concept of a Horn
Page 5 and 6: 3 Practical applications The verifi
Page 7 and 8: Bluetooth 2.1. In Bluetooth 2.1, Si
Page 9 and 10: have also published a tool, XOR-Pro
Page 11: Most existing protocol verifiers ba
Page 15 and 16: References 1. M. Abadi. Security Pr
Page 17: 33. C. Meadows. A Model of Computat

A review of Proverif as an automatic security protocol verifier

Create successful ePaper yourself

Delete template?

Save as template?