FORMAL VERIFICATION OF THE SECURE SOCKETS LAYER PROTOCOL

Llanos Tobarra, Diego Cazorla, J. José Pardo, Fernando Cuartero

2008

Abstract

Secure Sockets Layer (SSL) has become one of the most popular security protocols in the Internet. In this paper we present a formal verification of this protocol using the Casper/FDR2 toolbox. In the analysis of SSL v3.0 Handshake we have used a methodology that considers incremental versions of the protocol. We have started with the most basic protocol, and then we have included other features such as server and client authentication, digital signatures, etc. We have also verified SSL v2.0 because of the so called version rollback attack. Each version has been modelled and verified, and the results have been interpreted. Using this methodology it is easy to understand why some messages are needed in order to ensure confidential communication between a client and a server.

References

  1. Blanchet, B., Abadi, M., and Fournet, C. (2005). Automated Verification of Selected Equivalences for Security Protocols. In 20th IEEE Symposium on Logic in Computer Science (LICS 2005), pages 331-340, Chicago, IL. IEEE Computer Society.
  2. Bodei, C., Buchholtz, M., Degano, P., Nielson, F., and Nielson, H. R. (2003). Automatic validation of protocol narration. In Proceedings of the 16th Computer Security Foundations Workshop (CSFW 03)., pages 126- 140. IEEE Computer Society Press.
  3. Brumley, D. and Boneh, D. (2003). Remote Timing Attacks Are Practical. In Proc. of 12th USENIX Security Symposium, pages 1-14. USENIX Press.
  4. Canvel, B., Hiltgen, A., Vaudenay, S., and Vuagnoux, M. (2003). Password Interception in a SSL/TLS Channel. In Proc. of Advances in Cryptology (CRYPT'03), LNCS 2729, pages 583-599. Springer.
  5. Clarke, E. M., Grumberg, O., and Peled, D. A. (1999). Model Checking. The MIT Press.
  6. Dierks, T. and Allen, C. (1999). The TLS Protocol Version 1.0. Internet Standards, RFC 2246. http://www.ietf.org/rfc/rfc2222.txt.
  7. Dill, D. L. (1996). The Mur? Verification System. In Proc. of 8th International Conference on Computer Aided Verification (CAV'96), LNCS 1102, pages 390-393. Springer.
  8. Freier, O. A., Karlton, P., and Kocher, P. C. (1996). The SSL Protocol Version 3.0. Netscape Communications. http://wp.netscape.com/eng/ssl3/ ssl-toc.html.
  9. Hickman, K. E. B. (1995). SSL 2.0 Protocol Specification. Netscape Communications. http://wp.netscape.com/eng/security/ SSL_2.htm.
  10. Lowe, G. (1998). Casper: A Compiler for the Analysis of Security Protocols. Journal of Computer Security, 6:53-84.
  11. Mitchell, J. C., Mitchell, M., and Stern, U. (1997). Automated analysis of cryptographic protocols using Mur?. In Proc. of IEEE Symposium on Security and Privacy, pages 141-151. IEEE Computer Society Press.
  12. Mitchell, J. C., Shmatikov, V., and Stern, U. (1998). FiniteState Analysis of SSL 3.0. In Proc. of 7th USENIX Security Symposium, pages 201-216. USENIX Press.
  13. Wagner, D. and Schneier, B. (1996). Analysis of the SSL 3.0 Protocol. In Proc. of 2nd USENIX Workshop on Electronic Commerce, pages 29-40. USENIX Press.
Download


Paper Citation


in Harvard Style

Tobarra L., Cazorla D., José Pardo J. and Cuartero F. (2008). FORMAL VERIFICATION OF THE SECURE SOCKETS LAYER PROTOCOL . In Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 6: ICEIS, ISBN 978-989-8111-38-8, pages 246-252. DOI: 10.5220/0001695202460252


in Bibtex Style

@conference{iceis08,
author={Llanos Tobarra and Diego Cazorla and J. José Pardo and Fernando Cuartero},
title={FORMAL VERIFICATION OF THE SECURE SOCKETS LAYER PROTOCOL},
booktitle={Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 6: ICEIS,},
year={2008},
pages={246-252},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001695202460252},
isbn={978-989-8111-38-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 6: ICEIS,
TI - FORMAL VERIFICATION OF THE SECURE SOCKETS LAYER PROTOCOL
SN - 978-989-8111-38-8
AU - Tobarra L.
AU - Cazorla D.
AU - José Pardo J.
AU - Cuartero F.
PY - 2008
SP - 246
EP - 252
DO - 10.5220/0001695202460252