A Hybrid Analysis for Security Protocols with State

TL;DR

This paper introduces a hybrid analysis framework combining theorem-proving and message-passing techniques to analyze security protocols with state, addressing challenges posed by non-local, mutable state in protocol security analysis.

Contribution

It presents a novel hybrid approach that integrates theorem-proving with message-passing analysis to handle stateful security protocols, extending existing tools to more complex scenarios.

Findings

Successfully analyzed the Envelope Protocol using the hybrid method.

Demonstrated the framework's ability to reason about state and message-passing.

Enhanced understanding of stateful protocol security properties.

Abstract

Cryptographic protocols rely on message-passing to coordinate activity among principals. Each principal maintains local state in individual local sessions only as needed to complete that session. However, in some protocols a principal also uses state to coordinate its different local sessions. Sometimes the non-local, mutable state is used as a means, for example with smart cards or Trusted Platform Modules. Sometimes it is the purpose of running the protocol, for example in commercial transactions. Many richly developed tools and techniques, based on well-understood foundations, are available for design and analysis of pure message-passing protocols. But the presence of cross-session state poses difficulties for these techniques. In this paper we provide a framework for modeling stateful protocols. We define a hybrid analysis method. It leverages theorem-proving---in this instance, the PVS prover---for reasoning about computations over state. It combines that with an "enrich-by-need" approach---embodied by CPSA---that focuses on the message-passing part. As a case study we give a full analysis of the Envelope Protocol, due to Mark Ryan.