Protocol Analysis with Time

TL;DR

This paper introduces a framework for analyzing cryptographic protocols involving time, using a process algebra and symbolic analysis to detect physically impossible attacks, demonstrated with distance-bounding protocols.

Contribution

It presents a novel timed process algebra framework and a sound, complete transformation to Maude-NPA for protocol analysis involving time constraints.

Findings

Successfully analyzed Mafia fraud attacks.

Able to detect attacks violating physical laws.

Framework integrates time constraints with symbolic analysis.

Abstract

We present a framework suited to the analysis of cryptographic protocols that make use of time in their execution. We provide a process algebra syntax that makes time information available to processes, and a transition semantics that takes account of fundamental properties of time. Additional properties can be added by the user if desirable. This timed protocol framework can be implemented either as a simulation tool or as a symbolic analysis tool in which time references are represented by logical variables, and in which the properties of time are implemented as constraints on those time logical variables. These constraints are carried along the symbolic execution of the protocol. The satisfiability of these constraints can be evaluated as the analysis proceeds, so attacks that violate the laws of physics can be rejected as impossible. We demonstrate the feasibility of our approach by using the Maude-NPA protocol analyzer together with an SMT solver that is used to evaluate the satisfiability of timing constraints. We provide a sound and complete protocol transformation from our timed process algebra to the Maude-NPA syntax and semantics, and we prove its soundness and completeness. We then use the tool to analyze Mafia fraud and distance hijacking attacks on a suite of distance-bounding protocols.