An Abstract Model for Security Protocol Analysis

Security protocol analysis techniques are today mature enough to verify multiple properties of security protocols (correctness, secrecy, authentication). However, because security protocols are growing each day and more complex situations arise (like multi-protocol environments), we consider that the analysis process should be simplified by creating an abstract model for security protocols that captures the essence of the property that is checked. Therefore, in this paper we propose such an abstract model, based on message component types (session keys, nonces, participants), that captures the structure of security protocol messages, thus simplifying the analysis against attacks based on message similarities, that we call “structural attacks”. The mentioned attacks are formalized using the proposed typed framework, which is validated by modeling and analyzing the NeumanStubblebine authentication protocol. Key-Words: Security protocols, formal analysis, message typing, replay attacks.