38 search hits
Electronic ticketing: a smartcard application case-study (2002)
Haneberg, Dominik
The electronic ticketing was developed within the scope of the Go!Card project. It is used as a test object for the techniques for the development of secure smartcard applications that are developed in the Go!Card project. Our development method for secure smartcard applications is described in [D. Haneberg, W. Reif, K. Stenzel: A Method for Secure Smartcard Applications, in: Algebraic Methodology and Software Technology, LNCS 2422, Springer]. The electronic ticketing case study deals with an e-commerce scenario for the electronic sale of railway or flight tickets. The customers buy their tickets from a server that transmits the signed and encrypted tickets to the customer, where they are loaded onto the customer's smartcard. Then the smartcard decrypts and verifies the tickets and stores them. The tickets are checked and obliterated offline by the train's conductor using a portable computer. This report describes the scenario of the electronic ticketing case study; we explain the different functions and discuss desirable security objectives. This report completely supersedes Technical Report 2001-9, which is now obsolete. The design and the description of the protocols were adjusted to the latest findings of our research and some additional protocols were added.
Verifying smart card applications: an ASM approach (2006)
Haneberg, Dominik ; Grandy, Holger ; Reif, Wolfgang ; Schellhorn, Gerhard
We present a formal model for security protocols of smart card applications using Abstract State Machines (ASMs) and a suitable method for verifying security properties of such protocols. The main part of this article describes the structure of the protocol-ASM and all its relevant parts. Integrated in the ASM are all relevant aspects of the scenario: the agents participating in the application (static and dynamic aspects), the attacker and the possible communication between all those involved in the application. Our modeling technique enables an attacker model exactly tailored to the application under consideration, instead of only an attacker similar to the Dolev-Yao model. We also introduce a proof technique for security properties of the protocols. For proving properties the ASM is represented as a Dynamic Logic (DL) program in the KIV system. Properties are proved using symbolic execution and invariants. Our formal approach is exemplified with a small e-commerce application. We use an electronic wallet to demonstrate the ASM-based protocol model and we also show what the proof obligations of some of the security properties look like.
The Mondex challenge: machine checked proofs for an electronic purse (2006)
Schellhorn, Gerhard ; Grandy, Holger ; Haneberg, Dominik ; Reif, Wolfgang
The Mondex case study about the specification and refinement of an electronic purse as defined in [mondex00] has recently been proposed as a challenge for formal system-supported verification. This paper reports on the successful verification of the major part of the case study using the KIV specification and verification system. We demonstrate that even though the hand-made proofs were elaborated to an enormous level of detail, we still could find small errors in the underlying data refinement theory as well as in the formal proofs of the case study. We also provide an alternative formalisation of the communication protocol using abstract state machines. Finally, the Mondex case study verifies functional correctness assuming a suitable security protocol. Therefore, we propose to extend the case study to include the verification of a suitable security protocol.
electronic Ticketing - a Case-Study (2001)
Haneberg, Dominik
The electronic ticketing was developed within the scope of the Go!Card project. It is used as a test object for the techniques for the development of secure smartcard applications that are developed in the Go!Card project. The electronic ticketing case study deals with an e-commerce scenario for the electronic sale of railway or flight tickets. The customers buy their tickets from a server that transmits the signed and encrypted tickets to the customer, where they are loaded onto the customer's smartcard. Then the smartcard decrypts and verifies the tickets and stores them. The tickets are checked and obliterated offline by the train's conductor using a portable computer. This report describes the scenario of the electronic ticketing case study and explains some of the functions of the card program.
A systematic verification approach for Mondex electronic purses using ASMs (2006)
Schellhorn, Gerhard ; Grandy, Holger ; Haneberg, Dominik ; Moebius, Nina ; Reif, Wolfgang
In [SGHR06] we solved the challenge to mechanically verify the Mondex case study about the specification and refinement of an electronic purse as defined in [SCJ00]. In this paper we show that the verification can be made more systematic and better automated using ASM refinement instead of the original data refinement. This avoids having to define many properties of intermediate states during protocol runs. The systematic development of a generalized forward simulation also uncovered a weakness of the protocol that could be exploited in a denial of service attack.
The Mondex case study: from specifications to code (2006)
Grandy, Holger ; Moebius, Nina ; Bischof, Markus ; Haneberg, Dominik ; Schellhorn, Gerhard ; Stenzel, Kurt ; Reif, Wolfgang
In this paper we introduce three different implementations for the Mondex electronic purse verification challenge [Woo06] [SCW00]. In previous work ([SGHR06] [SGH+07] and [HSGR06]) we verified security and correctness properties of the Mondex money transfer protocol. Here we present a way to translate the formal specifications into running JavaCard code. We introduce three different ways to implement the protocol, one using symmetric cryptography, one using asymmetric cryptography and finally one using special datatypes for cryptographic protocols and symmetric cryptography. All implementations presented in this paper are able to run on a Gemplus GemxpressoRAD ProR3 SmartCard.
Verification of Mondex electronic purses with KIV: from transactions to a security protocol (2006)
Haneberg, Dominik ; Schellhorn, Gerhard ; Grandy, Holger ; Reif, Wolfgang
The Mondex case study about the specification and refinement of an electronic purse as defined in [SCW00] has recently been proposed as a challenge for formal system-supported verification. In this paper we report on two results. First, on the successful verification of the full case study using the KIV specification and verification system. We demonstrate that even though the hand-made proofs were elaborated to an enormous level of detail, we still could find small errors in the underlying data refinement theory as well as in the formal proofs of the case study. Second, the original Mondex case study verifies functional correctness assuming a suitable security protocol. We extend the case study here with a refinement to a suitable security protocol that uses symmetric cryptography to achieve the necessary properties of the security-relevant messages. The definition is based on a generic framework for defining such protocols based on abstract state machines (ASMs). We prove the refinement using a forward simulation.
Crash-safe refinement for a verified flash file system (2014)
Pfähler, Jörg ; Ernst, Gidon ; Schellhorn, Gerhard ; Haneberg, Dominik ; Reif, Wolfgang
This paper presents formal proof obligations for data refinement in the presence of unexpected crashes, notably due to a power failure. The work is part of our effort to construct a verified file system for flash memory. We apply the theory to one of the components in the flash file system, namely the erase block management layer. We show its functional correctness with respect to a high-level specification. We prove that the system can always recover from power loss to a desired state. We observe two simplifications that greatly reduce the proof effort for crashes in practice. Proofs are mechanized in the theorem prover KIV.
A rediscovered Llull tract and the Augsburg web edition of Llull's electoral writings (2004)
Drton, Mathias ; Pukelsheim, Friedrich ; Hägele, Günter ; Haneberg, Dominik ; Reif, Wolfgang
The mondex challenge: machine checked proofs for an electronic purse (2006)
Schellhorn, Gerhard ; Grandy, Holger ; Haneberg, Dominik ; Reif, Wolfgang
Developing provable secure M-commerce applications (2006)
Grandy, Holger ; Haneberg, Dominik ; Reif, Wolfgang ; Stenzel, Kurt
Verification of Mondex electronic purses with KIV: from transactions to a security protocol (2008)
Haneberg, Dominik ; Schellhorn, Gerhard ; Grandy, Holger ; Reif, Wolfgang
Ramon Llull's tracts on electoral procedures: goals and realisation of an Internet edition (2004)
Drton, Mathias ; Hägele, Günter ; Haneberg, Dominik ; Pukelsheim, Friedrich ; Reif, Wolfgang
Design for trust: security in M-Commerce (2003)
Haneberg, Dominik ; Kreibich, Alexander ; Reif, Wolfgang ; Stenzel, Kurt
J.UCS Special Issue on Tools for System Design and Verification (2003)
Berghammer, Rudolf ; Haneberg, Dominik ; Reif, Wolfgang ; Schellhorn, Gerhard
A method for secure smartcard applications (2002)
Haneberg, Dominik ; Reif, Wolfgang ; Stenzel, Kurt
The user interface of the KIV verification system: a system description (2005)
Haneberg, Dominik ; Bäumler, Simon ; Balser, Michael ; Grandy, Holger ; Ortmeier, Frank ; Reif, Wolfgang ; Schellhorn, Gerhard ; Schmitt, Jonathan ; Stenzel, Kurt
Electronic-onboard-ticketing: software challenges of a state-of-the-art M-Commerce application (2004)
Haneberg, Dominik ; Stenzel, Kurt ; Reif, Wolfgang
A construction kit for modeling the security of M-Commerce applications (2004)
Haneberg, Dominik ; Reif, Wolfgang ; Stenzel, Kurt