CN108900545A - A kind of Formal Modeling and verification method for security protocol - Google Patents
A kind of Formal Modeling and verification method for security protocol Download PDFInfo
- Publication number
- CN108900545A CN108900545A CN201810919328.1A CN201810919328A CN108900545A CN 108900545 A CN108900545 A CN 108900545A CN 201810919328 A CN201810919328 A CN 201810919328A CN 108900545 A CN108900545 A CN 108900545A
- Authority
- CN
- China
- Prior art keywords
- security protocol
- modeling
- protocol
- verification method
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
Disclosed by the invention to belong to information exchange security technology area, specially a kind of Formal Modeling and verification method for security protocol should include the following steps for the Formal Modeling and verification method of security protocol:S1:Modeling:Extract data involved in security protocol, and the CSP protocol model being made of believable participant's process and invader's process is established according to the data of extraction, it is defined by Pi calculation interactively with each other between participant's process and invader's process, finally completes the modeling of security protocol formalized model;S2:Verifying:It is verified using middle agreement of the Casper and FDR to CSP protocol model in step S1, and verification result is shown in the form of statements, the transmission of data network is carried out based on improved NSSK agreement, using FED as model verification tool, improve verification efficiency, high degree of automation, and encrypted message is encrypted, substantially increase the safety coefficient of data network.
Description
Technical field
The present invention relates to information exchange security technology area, specially a kind of Formal Modeling for security protocol and test
Card method.
Background technique
Security protocol is the message exchange protocol based on cryptography, and the purpose is to provide various peaces in a network environment
Full service.Cryptography is the basis of network security, but network security cannot be merely by the cryptographic algorithm of safety.Security protocol is
One important component of network security, it would be desirable to which the certification, between entities between entity is carried out by security protocol
Safely distribute key or various other secrets, confirm the non repudiation protocol of message sent and received etc..Security protocol is to establish
One kind on the basis of cipher system interactively communicates agreement, it realizes certification and key point with cryptographic algorithm and protocol logic
With etc. targets.Security protocol verification field is such as simulated and is formalized in a variety of verification methods at present, and the method for simulation exists not
Can be completely covered defect, and formalize to reach and be completely covered, and there are strict Fundamentals of Mathematics, thus increasingly by
The trust of insider.Model inspection technology is applied to Analysis of Security Protocols and verifying to be proposed by Dolev and Yao, model inspection
Survey technology becomes the formalization analysis of current main-stream with its simple and clear modeling process and supermatic analysis verifying
Technology.People mainly use the safety of formalization verification method indentification protocol, including strand space method and process algebra at present
Method etc., wherein can also be converted to using one group of transformation rule based on Horn logic based on the Security protocol model of process algebra
Security protocol model.Existing formalization verification method is higher to technical requirements, and the degree of automation is low, and safety coefficient is low.For
This, it is proposed that a kind of Formal Modeling and verification method for security protocol.
Summary of the invention
It is above-mentioned to solve the purpose of the present invention is to provide a kind of Formal Modeling and verification method for security protocol
The existing formalization verification method proposed in background technique is higher to technical requirements, and the degree of automation is low, and safety coefficient is low
The problem of.
To achieve the above object, the present invention provides the following technical solutions:A kind of Formal Modeling for security protocol and
Verification method should include the following steps for the Formal Modeling and verification method of security protocol:
S1:Modeling:Extract security protocol involved in data, and according to the data of extraction establish by believable participant into
The CSP protocol model of journey and invader's process composition, is defined by Pi calculation between participant's process and invader's process
It is interactively with each other, finally complete the modeling of security protocol formalized model;
S2:Verifying:It is verified using middle agreement of the Casper and FDR to CSP protocol model in step S1, and will verifying
As a result it shows, is realized to the defect repair of security protocol and perfect in the form of statements.
Preferably, the agreement that the CSP protocol model uses is NSSK agreement.
Preferably, the NSSK agreement is as follows:
(1)A→S:A,B,Na
(2)S→B:A
(3)B→S:{Nb}kbs
(4)S→A:{Na,B,Kab}kas
(5)S→B:{Nb,A,Kab}kbs
(6)B→A:{Nb'}kab
(7)A→B:{Nb'-1}kab。
Preferably, the CSP protocol model include initiator and respondent two agency, further include one be able to carry out it is close
The server of key generation, transmission or authentication service is logical by insincere medium between the initiator, respondent and server
Letter.
Preferably, the server is for receiving message, and generates key, and key is sent to the initiator and sound
Ying Zhe.
Preferably, the message of all agreements passes through the channel receive and the channel send Lai Chu in the CSP protocol model
Reason.
Compared with prior art, the beneficial effects of the invention are as follows:A kind of form for security protocol that the invention proposes
Change modeling and verification method, the transmission of data network is carried out based on improved NSSK agreement, work is verified as model using FED
Tool improves verification efficiency, high degree of automation, and encrypts to encrypted message, substantially increases the safety system of data network
Number.
Detailed description of the invention
Fig. 1 is CSP protocol model schematic diagram of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Referring to Fig. 1, the present invention provides a kind of technical solution:A kind of Formal Modeling and authentication for security protocol
Method should include the following steps for the Formal Modeling and verification method of security protocol:
S1:Modeling:Extract security protocol involved in data, and according to the data of extraction establish by believable participant into
The CSP protocol model of journey and invader's process composition, is defined by Pi calculation between participant's process and invader's process
It is interactively with each other, finally complete the modeling of security protocol formalized model;
S2:Verifying:It is verified using middle agreement of the Casper and FDR to CSP protocol model in step S1, and will verifying
As a result it shows, is realized to the defect repair of security protocol and perfect in the form of statements.
Wherein, for the agreement that the CSP protocol model uses for NSSK agreement, the NSSK agreement is as follows:A→S:A,B,
Na, S → B:A, B → S:{Nb}kbs, S → A:{Na,B,Kab}kas, S → B:{Nb,A,Kab}kbs, B → A:{Nb'}kab, A → B:
{Nb'-1}kab, the CSP protocol model includes initiator and respondent two agencies, further includes one and is able to carry out key production
The server of raw, transmission or authentication service, passes through insincere media communications, institute between the initiator, respondent and server
Server is stated for receiving message, and generates key, and key is sent to the initiator and respondent, the CSP agreement
The message of all agreements is handled by the channel receive and the channel send in model.
It although an embodiment of the present invention has been shown and described, for the ordinary skill in the art, can be with
A variety of variations, modification, replacement can be carried out to these embodiments without departing from the principles and spirit of the present invention by understanding
And modification, the scope of the present invention is defined by the appended.
Claims (6)
1. a kind of Formal Modeling and verification method for security protocol, it is characterised in that:This is directed to the form of security protocol
Change modeling and verification method includes the following steps:
S1:Modeling:Extract data involved in security protocol, and established by believable participant's process according to the data of extraction and
The CSP protocol model of invader's process composition, is defined between participant's process and invader's process each other by Pi calculation
Interaction, finally completes the modeling of security protocol formalized model;
S2:Verifying:It is verified using middle agreement of the Casper and FDR to CSP protocol model in step S1, and by verification result
It shows, is realized to the defect repair of security protocol and perfect in the form of statements.
2. a kind of Formal Modeling and verification method for security protocol according to claim 1, it is characterised in that:Institute
The agreement that CSP protocol model uses is stated as NSSK agreement.
3. a kind of Formal Modeling and verification method for security protocol according to claim 2, it is characterised in that:Institute
It is as follows to state NSSK agreement:
(1)A→S:A,B,Na
(2)S→B:A
(3)B→S:{Nb}kbs
(4)S→A:{Na,B,Kab}kas
(5)S→B:{Nb,A,Kab}kbs
(6)B→A:{Nb'}kab
(7)A→B:{Nb'-1}kab。
4. a kind of Formal Modeling and verification method for security protocol according to claim 1, it is characterised in that:Institute
Stating CSP protocol model includes initiator and respondent two agencies, further includes one and is able to carry out key generation, transmission or certification
The server of service passes through insincere media communications between the initiator, respondent and server.
5. a kind of Formal Modeling and verification method for security protocol according to claim 1, it is characterised in that:Institute
Server is stated for receiving message, and generates key, and key is sent to the initiator and respondent.
6. a kind of Formal Modeling and verification method for security protocol according to claim 1, it is characterised in that:Institute
The message for stating all agreements in CSP protocol model is handled by the channel receive and the channel send.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810919328.1A CN108900545A (en) | 2018-08-14 | 2018-08-14 | A kind of Formal Modeling and verification method for security protocol |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810919328.1A CN108900545A (en) | 2018-08-14 | 2018-08-14 | A kind of Formal Modeling and verification method for security protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108900545A true CN108900545A (en) | 2018-11-27 |
Family
ID=64354877
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810919328.1A Pending CN108900545A (en) | 2018-08-14 | 2018-08-14 | A kind of Formal Modeling and verification method for security protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108900545A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102065083A (en) * | 2010-12-03 | 2011-05-18 | 中国科学院软件研究所 | Formal verification method for security protocol |
CN103259788A (en) * | 2013-04-27 | 2013-08-21 | 天津大学 | Formal modeling and validation method based on security protocols |
US20140223453A1 (en) * | 2013-02-04 | 2014-08-07 | Futurewei Technologies, Inc. | Mechanism to Initiate Calls Between Browsers Without Predefined Call Signaling Protocol |
CN106411940A (en) * | 2016-11-12 | 2017-02-15 | 中国人民解放军信息工程大学 | Security protocol verification method taking attacker as center |
-
2018
- 2018-08-14 CN CN201810919328.1A patent/CN108900545A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102065083A (en) * | 2010-12-03 | 2011-05-18 | 中国科学院软件研究所 | Formal verification method for security protocol |
US20140223453A1 (en) * | 2013-02-04 | 2014-08-07 | Futurewei Technologies, Inc. | Mechanism to Initiate Calls Between Browsers Without Predefined Call Signaling Protocol |
CN103259788A (en) * | 2013-04-27 | 2013-08-21 | 天津大学 | Formal modeling and validation method based on security protocols |
CN106411940A (en) * | 2016-11-12 | 2017-02-15 | 中国人民解放军信息工程大学 | Security protocol verification method taking attacker as center |
Non-Patent Citations (1)
Title |
---|
陈慧丽等: "形式化分析验证一种改进的NSSK协议", 《兰州交通大学学报》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108989318B (en) | Light-weight security authentication and key exchange method for narrowband Internet of things | |
CN112435024B (en) | Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication | |
CN109088870B (en) | Method for safely accessing acquisition terminal of power generation unit of new energy plant station to platform | |
CN107171805A (en) | A kind of internet-of-things terminal digital certificate signs and issues system and method | |
CN109067539A (en) | Alliance's chain method of commerce, equipment and computer readable storage medium | |
CN112887338A (en) | Identity authentication method and system based on IBC identification password | |
CN107835176A (en) | A kind of network authentication method and platform based on eID | |
CN104023352B (en) | A kind of instant communication software side channel testing system towards mobile communication platform | |
CN106713279A (en) | Video terminal identity authentication system | |
CN101202631A (en) | System and method for identification authentication based on cipher key and timestamp | |
CN105681340A (en) | Digital certificate use method and apparatus | |
CN106209811A (en) | Bluetooth equipment secure log auth method and device | |
CN108632042A (en) | A kind of class AKA identity authorization systems and method based on pool of symmetric keys | |
CN107566114A (en) | A kind of method of equipment encryption and transmission encryption in cloud Internet of Things platform | |
CN110414983A (en) | Reference information processing method, device, equipment and storage medium based on block chain | |
CN105554018A (en) | Network real name verification method | |
CN111179113A (en) | Power demand response method based on block chain technology | |
CN101562519B (en) | Digital certificate management method of user packet communication network and user terminal for accessing into user packet communication network | |
CN107967597A (en) | Electronic identification processing, storage method and device and electronic identification processing system | |
CN102833754B (en) | A kind of mobile device trusted access method based on digital certificate | |
CN113591103B (en) | Identity authentication method and system between intelligent terminals of electric power Internet of things | |
CN114614983A (en) | Feature fusion privacy protection method based on secure multi-party computation | |
CN112329032B (en) | Privacy mirror image financial auditing method and system based on function encryption | |
CN111541699B (en) | Method for safely transmitting data based on IEC102 communication protocol | |
CN113328854A (en) | Service processing method and system based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181127 |