J4 ›› 2012, Vol. 39 ›› Issue (4): 120-125+183.doi: 10.3969/j.issn.1001-2400.2012.04.022

• 研究论文 • 上一篇    下一篇

带有异或运算安全协议的自动化检测

杨元原1,2;马文平1;刘维博1;俞优2;顾健2   

  1. (1. 西安电子科技大学 综合业务网理论及关键技术国家重点实验室,陕西 西安  710071;
    2. 公安部第3研究所, 上海  200031)
  • 收稿日期:2011-04-29 出版日期:2012-08-20 发布日期:2012-10-08
  • 通讯作者: 杨元原
  • 作者简介:杨元原(1981-),男,西安电子科技大学博士研究生,E-mail: yangyy@mail.xidian.edu.cn.
  • 基金资助:

    国家自然科学基金资助项目(61072140);高等学校创新引智计划资助项目(B08038);高等学校博士学科点专项科研基金资助项目(20100203110003);陕西省教育厅科研计划资助项目(2010JK825)

Automatic detection of security protocols with XOR

YANG Yuanyuan1,2;MA Wenping1;LIU Weibo1;YU You2;GU Jian2   

  1. (1. State Key Lab. of Integrated Service Networks, Xidian Univ., Xi'an  710071, China;
    2. The Third Research Inst. of Ministry of Public Security, Shanghai  200031, China)
  • Received:2011-04-29 Online:2012-08-20 Published:2012-10-08
  • Contact: YANG Yuanyuan

摘要:

针对当前模型检测工具普遍不能检测带有异或运算安全协议的问题,提出了一个新的模型检测器SAT#.该模型检测器通过引入抽象异或项的概念及其运算规则,大大降低了攻击者生成的异或消息数量,解决了由于引入传统异或运算导致的状态空间爆炸问题.在此基础上,通过在SAT模型中增加基于抽象异或项的重写规则,扩展了攻击者的异或运算能力,实现了对带有异或运算安全协议的自动化检测.通过对BULL协议的检测,证明了抽象异或项的实用性,同时也证明了SAT#模型检测器的可靠性.

关键词: 安全协议, 形式化分析, 模型检测, 代数性质

Abstract:

Since most of the current model checking tools can not detect security protocols with XOR, a new model checker named SAT# is proposed. By defining the concept of abstract XOR term and its reduction rules, the new model greatly reduces the number of XOR messages produced by the intruder, and resolves the state space explosion problem resulting from the introduction of XOR operations, on the basis of which by adding the rewrite rules of XOR based on the abstract XOR term, the new model endows the intruder with the XOR operations, and thus is able to automatically detect the security protocols with XOR. The detection results of the BULL protocol show not only the practicality of the abstract XOR term but also the reliability of the SAT#.

Key words: security protocols, formal analyses, model checking, algebraic properties

中图分类号: 

  • TP 393.08