3 To 5
SPAN+AVISPA
INTRODUCTION:
SPAN is a Security Protocol ANimator for AVISPA. AVISPA stands for Automated
Validation of Internet Security Protocols and Applications. The AVISPA project aims at
developing a push-button, industrial-strength technology for the analysis of large-scale Internet
security-sensitive protocols and applications.
SPAN is designed to help protocol developers in writing HLPSL specifications. From an
HLPSL specification, SPAN helps in interactively building Message Sequence Charts (MSC) of
the protocol execution. Since SPAN implements an active intruder, it can also be used to
interactively find and build attacks over protocols.
OBJECTIVE:
The objective of this practical is to show how to use SPAN to understand and debug HLPSL
specifications used in the AVISPA cryptographic protocol verification tool.
IMPLEMENTATION:
Figure 1: The full SPAN main graphical interface.
Protocol: NeedhamSchroederSymmetricKey;
Identifiers
A, B, S : user;
Na, Nb : number;
Kas, Kbs, Kab : symmetric_key;
Dec : function;
messages
1. A -> S : A, B, Na
2. S -> A : {Na, B, Kab, {Kab, A}Kbs}Kas
3. A -> B : {Kab,A}Kbs
4. B -> A : {Nb}Kab
5. A -> B : {Dec(Nb)}Kab
knowledge
A : A,B,S,Kas,Dec;
B : A,B,S,Kbs,Dec;
S : A,B,S,Kas,Kbs,Dec;
session_instances
[A:alice,B:bob,S:server,Kas:key1,Kbs:key2,Dec:dec];
goal
secrecy_of Kab [];
Practical 4
Scyther
INTRODUCTION:
Scyther is a tool for the automatic verification of security protocols. Scyther can verify
protocols with an unbounded number of sessions and nonces. Scyther can characterize
protocols, yielding a finite representation of all possible protocol behaviours.
OBJECTIVE:
The objective of this practical is to analyse the security of the Needham Schroeder protocol and
find possible known attacks.
IMPLEMENTATION:
Installation and usage of the Scyther tool
Requirements
To be able to use Scyther, you need the following three things:
1. The GraphViz library.
This library is used by the Scyther tool to draw graphs. It can be freely downloaded from:
http://www.graphviz.org/
Download the latest stable release and install it.
The graphical user interface of Scyther is written in the Python language. Therefore, the GUI
requires the following two items:
2. Python
Stable releases of the Python interpreter are available from:
http://www.python.org/download
Scyther does not support Python 3. You are therefore recommended to choose the latest
production release of Python 2, e.g., Python 2.7.
Mac OS X: If the package yields an error when you try to install it, please use the
following, in the directory where you downloaded it:
$ sudo installer -pkg graphviz-2.34.0.pkg -target /
3. wxPython libraries.
The GUI user interface uses the wxPython libraries.
http://www.wxpython.org/download.php
There are many different wxPython packages. You should choose a 32-bit package that matches
your Python version (e.g., 2.7). It is recommended to select the unicode version from the
stable releases.
wxPython packages for Python 2.7:
Windows: http://downloads.sourceforge.net/wxpython/wxPython2.8-win32-unicode-2.8.12.1-py27.exe
Mac OS X: http://downloads.sourceforge.net/wxpython/wxPython2.8-osx-unicode-2.8.12.1universal-py2.7.dmg
Note that this package is in an old format and you will probably get a warning "Package
is damaged". This can be resolved by:
$ sudo installer -pkg /Volume/.../wxPython2.8-osx-unicode-universal-py2.7.pkg/ -target /
Ubuntu/Debian Linux:
http://wiki.wxpython.org/InstallingOnUbuntuOrDebian
Running Scyther
Start Scyther by executing the file scyther-gui.py in
the directory where you found this file.
Analysis of Needham Schroeder protocol
Result and Analysis:
After analysing the Needham Schroeder protocol in the Scyther tool, we found the following
four attack patterns in this protocol.
Practical 5
Proverif
INTRODUCTION:
ProVerif is an automatic cryptographic protocol verifier, in the formal model (the so-called
Dolev-Yao model). This protocol verifier is based on a representation of the protocol by Horn clauses.
Its main features are:
• It can handle many different cryptographic primitives, including shared- and public-
key cryptography (encryption and signatures), hash functions, and Diffie-Hellman
key agreements, specified both as rewrite rules or as equations.
• It can handle an unbounded number of sessions of the protocol (even in parallel) and
an unbounded message space. This result has been obtained thanks to some well-
chosen approximations. This means that the verifier can give false attacks, but if it
claims that the protocol satisfies some property, then the property is actually satisfied.
The considered resolution algorithm terminates on a large class of protocols (the so-
called "tagged" protocols). When the tool cannot prove a property, it tries to
reconstruct an attack, that is, an execution trace of the protocol that falsifies the
desired property.
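The secrecy goal of the SPAN+AVISPA specification earlier in this report (secrecy_of Kab), checked by hand in the Dolev-Yao model, as an added example that is not part of the original report and is not how AVISPA or ProVerif are implemented. It is deliberately narrower than those tools: a passive intruder observes a single run of the five messages and closes its knowledge under unpairing and decryption with known keys. The term encoding and function names are assumptions of this sketch; alice, bob, server, key1, key2 and dec are the session instance from the specification, and kab, na, nb are constructed names for the fresh values.

```python
# Added example: passive Dolev-Yao intruder over one run of the NSSK messages.
# Terms: atoms are strings; ("pair", a, b); ("enc", body, key); ("app", f, x).
# The encoding and all function names are assumptions of this sketch.

def pair(*ts):
    """Right-nested pairing: pair(a, b, c) == ("pair", a, ("pair", b, c))."""
    return ts[0] if len(ts) == 1 else ("pair", ts[0], pair(*ts[1:]))

def enc(key, *ts):
    """Symmetric encryption {ts}key; keys are atomic in this model."""
    return ("enc", pair(*ts), key)

def nssk_trace():
    """Messages 1-5 for the instance A:alice, B:bob, Kas:key1, Kbs:key2."""
    ticket = enc("key2", "kab", "alice")               # {Kab, A}Kbs
    return [
        pair("alice", "bob", "na"),                    # 1. A -> S
        enc("key1", "na", "bob", "kab", ticket),       # 2. S -> A
        ticket,                                        # 3. A -> B
        enc("kab", "nb"),                              # 4. B -> A
        enc("kab", ("app", "dec", "nb")),              # 5. A -> B
    ]

def analyze(knowledge):
    """Close a term set under unpairing and decryption with known keys."""
    known, changed = set(knowledge), True
    while changed:
        changed = False
        for t in list(known):
            parts = ()
            if isinstance(t, tuple) and t[0] == "pair":
                parts = t[1:]
            elif isinstance(t, tuple) and t[0] == "enc" and t[2] in known:
                parts = (t[1],)
            for p in parts:
                if p not in known:
                    known.add(p)
                    changed = True
    return known

def secrecy_holds(secret, initial_knowledge):
    """True if `secret` is not derivable after observing the whole run."""
    return secret not in analyze(set(initial_knowledge) | set(nssk_trace()))

if __name__ == "__main__":
    public = {"alice", "bob", "server", "dec"}         # intruder's start set
    print("outsider:", secrecy_holds("kab", public))               # True
    print("key2 known:", secrecy_holds("kab", public | {"key2"}))  # False
```

The second call shows why the long-term keys appear only in the knowledge of A, B and S in the specification: once either key1 or key2 is in the intruder's set, the session key follows by plain decryption.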
OBJECTIVE:
The objective of this practical is to describe the working of the ProVerif tool and analyse the
Needham Schroeder protocol.
IMPLEMENTATION:
• Either:
   o the source package ProVerif version 2.00 source (gzipped tar file) under GNU
     General Public License
   o or the binary package ProVerif version 2.00, for Windows, under BSD license
     (64 bits executable; works on Windows 64 bits)
• and the documentation package ProVerif version 2.00, documentation.
Or:
RESULT AND ANALYSIS:
After analysing the Needham Schroeder protocol in ProVerif, we have successfully verified
this protocol and we found the following information about it.