摘要
给出了一个称为“实例化空间(instantiation space)”的安全协议验证逻辑的语义模型.该语义模型是建立在一种自然的加密信息交换(cryptographical message exchange)模型上的.在此语义模型基础上,文章提出了一系列与安全属性相关的验证公理,由此可以证明它们在此语义模型下的正确性.更重要的是,在此语义下的公理集在算法上是完全可以实现的,其对应的工具SPV(Security Protocol Verifier)已经开发成功,并且可以验证复杂的协议.在这套安全协议验证模型理论下,可以很方便地处理包括公钥、私钥、共享密钥和Hash函数组成的复杂信息格式.而且,在此语义基础上的公理集是纯命题逻辑的,因此所需要的验证目标可以很方便地转化成可满足性问题(SAT),从而可以利用工业上快速高效的SAT求解器实现.
The authors present a new model of security protocol logics, which is called Instantiation Space. This model is formally well grounded, based on the so-called Cryptographical Message Exchange(CME) model. A set of interesting axioms (security properties) can be shown to be sound within the Instantiation Space model. It is worth noting that, this set of axioms is algorithmic manageable, and hence a new Security Protocol Verifier (SPV) can be designed and implemented, particularly focused on automatic verification of complex protocols. The presented approach to security protocol verification is flexible enough to deal with complex message formats with arbitrarily nested encryptions by public, private, shared and hash keys as well as freshly generated keys. Moreover, the set of axioms for a protocol the authors generated based on Instantiation Space model is in propositional logic; for a lot of concerned security properties the verification problems can thus be formulated as satisfiability ones, which can be solved by efficient modern SAT solvers.
出处
《计算机学报》
EI
CSCD
北大核心
2006年第9期1657-1665,共9页
Chinese Journal of Computers
基金
国家"九七三"重点基础研究发展规划项目基金(2005CB321902)
国家自然科学基金(60496327
10410638
60473004)
广东省自然科学基金团队项目(04205407)
教育部留学回国人员科研启动基金
教育部"新世纪优秀人才"支持计划基金
德国研究基金(DFG)446CHV113/240/0-1
中山大学"凯思"基金
上海市智能信息处理重点实验室(筹)开放课题资助.
关键词
实例化空间
加密信息交换模型
可满足性问题
instantiation spacel cryptographical message exchange(CME) model~ satisfiability(SAT)
