Automated Security Protocol Analysis with AVISPA



Modern societies rely on secure networked-based services to perform a wide
variety of sensitive tasks. To meet these needs, a growing number of security
protocols have been developed to facilitate mutual authentication of parties,
cryptographic key exchange, and other security requirements. Yet validation of
security protocols is widely understood to be a hard problem. In fact, some
security protocols have been shown to be vulnerable to attack years--
even decades--after wide-spread adoption, for example the Wireless Equivalent
Privacy (WEP) used in early WiFi networks and the Needham-Schroeder Public-Key
Protocol. As a result, a number of automated tools and methods for validating
security protocols have been proposed. In this talk, we will present the AVISPA
(Automated Validation of Internet Security-sensitive Protocols) tool. Following
a brief background discussion on security protocols and common vulnerabilities,
we will describe how protocols can be modeled and tested using the AVISPA tool,
including a brief introduction to the high-level protocol specification language
(HLPSL). Interpretation of the attack traces produced by the tool for vulnerable
protocols will also be discussed.