<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mais</journal-id><journal-title-group><journal-title xml:lang="ru">Моделирование и анализ информационных систем</journal-title><trans-title-group xml:lang="en"><trans-title>Modeling and Analysis of Information Systems</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1818-1015</issn><issn pub-type="epub">2313-5417</issn><publisher><publisher-name>Yaroslavl State University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.18255/1818-1015-2024-4-446-473</article-id><article-id custom-type="elpub" pub-id-type="custom">mais-1898</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Theory of Computing</subject></subj-group></article-categories><title-group><article-title>Применение TLA+/TLC для моделирования и верификации криптографических протоколов</article-title><trans-title-group xml:lang="en"><trans-title>Using TLA+/TLC for modeling and verification of cryptographic protocols</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0000-6893-6137</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Нейзов</surname><given-names>Максим Вячеславович</given-names></name><name name-style="western" xml:lang="en"><surname>Neyzov</surname><given-names>Maxim V.</given-names></name></name-alternatives><email xlink:type="simple">neyzov.max@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-0500-306X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Кузьмин</surname><given-names>Егор Владимирович</given-names></name><name name-style="western" xml:lang="en"><surname>Kuzmin</surname><given-names>Egor V.</given-names></name></name-alternatives><email xlink:type="simple">kuzmin@uniyar.ac.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Институт автоматики и электрометрии СО РАН</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Institute of Automation and Electrometry SB RAS</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Ярославский государственный университет им. П.Г. Демидова</institution><country>Россия</country></aff><aff xml:lang="en"><institution>P.G. Demidov Yaroslavl State University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2024</year></pub-date><pub-date pub-type="epub"><day>13</day><month>12</month><year>2024</year></pub-date><volume>31</volume><issue>4</issue><fpage>446</fpage><lpage>473</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Нейзов М.В., Кузьмин Е.В., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Нейзов М.В., Кузьмин Е.В.</copyright-holder><copyright-holder xml:lang="en">Neyzov M.V., Kuzmin E.V.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.mais-journal.ru/jour/article/view/1898">https://www.mais-journal.ru/jour/article/view/1898</self-uri><abstract><p>Взаимодействие в открытых сетях несёт определённые риски. Для обеспечения информационной безопасности участников сетевого взаимодействия используют криптографические протоколы. Высокие гарантии безопасности могут быть достигнуты в результате их формальной верификации. Распространённым формальным методом верификации криптографических протоколов является метод проверки модели. В работе для проверки модели криптографических протоколов предлагается использовать инструментальное средство TLA+/TLC, широко применяемое на практике в различных прикладных областях. На языке спецификации TLA+ задаётся модель протокола, а также требуемые свойства безопасности в форме инвариантов. Модель протокола описывает его поведение в виде системы переходов, содержащей все возможные состояния модели протокола и переходы между ними. Для проведения автоматической проверки соответствия модели требуемым свойствам задействуется верификатор TLC. Задача верификации криптографических протоколов имеет свою специфику. Настоящее исследование предлагает три приёма моделирования, учитывающих особенности данной задачи и используемого инструментария TLA+/TLC. Первый приём моделирования состоит в замене системы, состоящей из произвольного количества агентов, на трёхагентную систему. Это позволяет упростить модель и уменьшить её пространство состояний. Второй приём связан с представлением передаваемых сообщений в виде иерархической структуры — это даёт возможность вкладывать одни зашифрованные сообщения в другие. Третий приём состоит в оптимизации модели с целью повышения производительности верификатора TLC. Это выполняется путем задания функции, порождающей множество только тех элементов, которые приводят к переходам между состояниями в модели. В итоге предложенные приёмы позволяют упростить модель и снизить время её верификации. Применение результатов демонстрируется на примере простого протокола — протокола Нидхема-Шредера для аутентификации с открытым ключом. После обнаружения верификатором TLC известной уязвимости этого протокола выполняется моделирование и верификация его доработанной версии. Результаты верификации показывают, что новая версия протокола не имеет данной уязвимости.</p></abstract><trans-abstract xml:lang="en"><p>Interacting in open networks carries certain risks. To ensure the information security of network interaction participants, cryptographic protocols (CrP) are used. High levels of security can be achieved through their formal verification. A common formal method for verifying CrP is model checking. In this work, we propose using the TLA+/TLC toolset to check models of CrP. This toolset is widely applied in various practical fields. The protocol model is defined in the TLA+ specification language, as well as the required security properties in the form of invariants. The model of a protocol describes its behavior as a transition system containing all possible states of the protocol model and transitions between them. The TLC model checker is employed to automatically verify that the model meets the required properties. The task of verifying CrP has its specifics. This study proposes three modeling techniques that take into account the specifics of both the task and the TLA+/TLC toolset being used. The first technique involves replacing a system consisting of an arbitrary number of agents with a three-agent system. This simplifies the model and reduces its state space. The second technique is related to representing transmitted messages as a hierarchical structure, allowing encrypted messages to be nested within others. The third technique consists of optimizing the model to improve the performance of the TLC model checker by defining a function that generates only those elements leading to transitions between states in the model. These techniques simplify the model and reduce verification time. We demonstrate the application of these results on a simple protocol example — the Needham-Schroeder public key authentication protocol. After detecting a known vulnerability in the original protocol by using TLC, we model and verify an improved version. Verification results show that the new version of the protocol does not have this vulnerability.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>уязвимость протокола</kwd><kwd>свойства безопасности</kwd><kwd>аутентификация</kwd><kwd>протокол Нидхема-Шредера</kwd><kwd>ассиметричная система шифрования</kwd><kwd>формальная верификация</kwd><kwd>продолжительность верификации</kwd><kwd>проверка модели</kwd><kwd>система переходов</kwd><kwd>модель протокола</kwd><kwd>приёмы моделирования</kwd><kwd>порождающая функция</kwd></kwd-group><kwd-group xml:lang="en"><kwd>protocol vulnerability</kwd><kwd>security properties</kwd><kwd>authentication</kwd><kwd>Needham-Schroeder protocol</kwd><kwd>asymmetric encryption system</kwd><kwd>formal verification</kwd><kwd>verification duration</kwd><kwd>model checking</kwd><kwd>transition system</kwd><kwd>protocol model</kwd><kwd>modeling techniques</kwd><kwd>generating function</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">Госзадание ИАиЭ СО РАН, проект No 122031600173-8; ЯрГУ (проект VIP-016).</funding-statement><funding-statement xml:lang="en">State task IAaE SB RAS, project No. 122031600173-8; Yaroslavl State University (project VIP-016).</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">“PNST 799-2022. Information Technologies. Cryptographic Protection of Information. Terms and Definitions.” [Online]. Available: https://protect.gost.ru/document.aspx?control=7&amp;id=246680.</mixed-citation><mixed-citation xml:lang="en">“PNST 799-2022. Information Technologies. Cryptographic Protection of Information. Terms and Definitions.” [Online]. Available: https://protect.gost.ru/document.aspx?control=7&amp;id=246680.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">D. Basin, C. Cremers, and C. Meadows, “Model Checking Security Protocols,” in Handbook of Model Checking, Springer, 2018, pp. 727–762.</mixed-citation><mixed-citation xml:lang="en">D. Basin, C. Cremers, and C. Meadows, “Model Checking Security Protocols,” in Handbook of Model Checking, Springer, 2018, pp. 727–762.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">“GOST R ISO 7498-2-99. Information technology. Open systems interconnection. Basic reference model. Part 2. Security Architecture.” [Online]. Available: https://protect.gost.ru/document.aspx?control=7&amp;id=131456.</mixed-citation><mixed-citation xml:lang="en">“GOST R ISO 7498-2-99. Information technology. Open systems interconnection. Basic reference model. Part 2. Security Architecture.” [Online]. Available: https://protect.gost.ru/document.aspx?control=7&amp;id=131456.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">“GOST R 56545-2015. Information protection. Vulnerabilities in information systems. Rules of vulnerabilities description.” [Online]. Available: https://protect.gost.ru/document.aspx?control=7&amp;id=201374.</mixed-citation><mixed-citation xml:lang="en">“GOST R 56545-2015. Information protection. Vulnerabilities in information systems. Rules of vulnerabilities description.” [Online]. Available: https://protect.gost.ru/document.aspx?control=7&amp;id=201374.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">M. Roggenbach, S. A. Shaikh, and H. N. Nguyen, “Formal Verification of Security Protocols,” in Formal Methods for Software Engineering: Languages, Methods, Application Domains, Springer, 2022, pp. 395–451.</mixed-citation><mixed-citation xml:lang="en">M. Roggenbach, S. A. Shaikh, and H. N. Nguyen, “Formal Verification of Security Protocols,” in Formal Methods for Software Engineering: Languages, Methods, Application Domains, Springer, 2022, pp. 395–451.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">M. Pourpouneh and R. Ramezanian, “A Short Introduction to Two Approaches in Formal Verification of Security Protocols: Model Checking and Theorem Proving,” ISeCure, vol. 8, no. 1, pp. 3–24, 2016, doi: 10.22042/isecure.2016.8.1.1.</mixed-citation><mixed-citation xml:lang="en">M. Pourpouneh and R. Ramezanian, “A Short Introduction to Two Approaches in Formal Verification of Security Protocols: Model Checking and Theorem Proving,” ISeCure, vol. 8, no. 1, pp. 3–24, 2016, doi: 10.22042/isecure.2016.8.1.1.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">C. Meadows, “Formal Analysis of Cryptographic Protocols,” in Encyclopedia of Cryptography, Security and Privacy, Springer, 2019, pp. 1–3.</mixed-citation><mixed-citation xml:lang="en">C. Meadows, “Formal Analysis of Cryptographic Protocols,” in Encyclopedia of Cryptography, Security and Privacy, Springer, 2019, pp. 1–3.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">E. M. Clarke, T. A. Henzinger, H. Veith, and R. Bloem, Handbook of Model Checking, 1st ed., vol. 10. Springer, 2018.</mixed-citation><mixed-citation xml:lang="en">E. M. Clarke, T. A. Henzinger, H. Veith, and R. Bloem, Handbook of Model Checking, 1st ed., vol. 10. Springer, 2018.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">“TLA+ Home.” [Online]. Available: https://lamport.azurewebsites.net/tla/tla.html.</mixed-citation><mixed-citation xml:lang="en">“TLA+ Home.” [Online]. Available: https://lamport.azurewebsites.net/tla/tla.html.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">R. M. Needham and M. D. Schroeder, “Using Encryption for Authentication in Large Networks of Computers,” Communications of the ACM, vol. 21, no. 12, pp. 993–999, 1978.</mixed-citation><mixed-citation xml:lang="en">R. M. Needham and M. D. Schroeder, “Using Encryption for Authentication in Large Networks of Computers,” Communications of the ACM, vol. 21, no. 12, pp. 993–999, 1978.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">“ISO/IEC 9798-1:2010. Information technology -- Security techniques -- Entity authentication -- Part 1: General.” [Online]. Available: https://www.iso.org/ru/standard/53634.html.</mixed-citation><mixed-citation xml:lang="en">“ISO/IEC 9798-1:2010. Information technology -- Security techniques -- Entity authentication -- Part 1: General.” [Online]. Available: https://www.iso.org/ru/standard/53634.html.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">“ISO/IEC 11770-3:2021. Information security -- Key management -- Part 3: Mechanisms using asymmetric techniques.” [Online]. Available: https://www.iso.org/ru/standard/82709.html.</mixed-citation><mixed-citation xml:lang="en">“ISO/IEC 11770-3:2021. Information security -- Key management -- Part 3: Mechanisms using asymmetric techniques.” [Online]. Available: https://www.iso.org/ru/standard/82709.html.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">W. Mao, Modern Cryptography: Theory and Practice. Williams Publishing House, 2005, p. 768.</mixed-citation><mixed-citation xml:lang="en">W. Mao, Modern Cryptography: Theory and Practice. Williams Publishing House, 2005, p. 768.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">G. Lowe, “An Attack on the Needham-Schroeder Public-Key Authentication Protocol,” Information Processing Letters, vol. 56, no. 3, pp. 131–133, 1995.</mixed-citation><mixed-citation xml:lang="en">G. Lowe, “An Attack on the Needham-Schroeder Public-Key Authentication Protocol,” Information Processing Letters, vol. 56, no. 3, pp. 131–133, 1995.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">L. Lamport, Specifying Systems: the TLA+ Language and Tools for Hardware and Software Engineers, 1st ed. Addison-Wesley, 2002, p. 364.</mixed-citation><mixed-citation xml:lang="en">L. Lamport, Specifying Systems: the TLA+ Language and Tools for Hardware and Software Engineers, 1st ed. Addison-Wesley, 2002, p. 364.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">M. A. Kuppe, L. Lamport, and D. Ricketts, “The TLA+ Toolbox,” Electronic Proceedings in Theoretical Computer Science, vol. 310, pp. 50–62, 2019, doi: 10.4204/eptcs.310.6.</mixed-citation><mixed-citation xml:lang="en">M. A. Kuppe, L. Lamport, and D. Ricketts, “The TLA+ Toolbox,” Electronic Proceedings in Theoretical Computer Science, vol. 310, pp. 50–62, 2019, doi: 10.4204/eptcs.310.6.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">R. Beers, “Pre-RTL Formal Verification: an Intel Experience,” in Proceedings of the 45th annual Design Automation Conference, 2008, pp. 806–811, doi: 10.1145/1391469.1391675.</mixed-citation><mixed-citation xml:lang="en">R. Beers, “Pre-RTL Formal Verification: an Intel Experience,” in Proceedings of the 45th annual Design Automation Conference, 2008, pp. 806–811, doi: 10.1145/1391469.1391675.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">F. Hackett, J. Rowe, and M. A. Kuppe, “Understanding Inconsistency in Azure Cosmos DB with TLA+,” in 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), 2023, pp. 1–12, doi: 10.1109/ICSE-SEIP58684.2023.00006.</mixed-citation><mixed-citation xml:lang="en">F. Hackett, J. Rowe, and M. A. Kuppe, “Understanding Inconsistency in Azure Cosmos DB with TLA+,” in 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), 2023, pp. 1–12, doi: 10.1109/ICSE-SEIP58684.2023.00006.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">C. Newcombe, T. Rath, F. Zhang, and et al., “How Amazon Web Services Uses Formal Methods,” Communications of the ACM, vol. 58, no. 4, pp. 66–73, 2015, doi: 10.1145/2699417.</mixed-citation><mixed-citation xml:lang="en">C. Newcombe, T. Rath, F. Zhang, and et al., “How Amazon Web Services Uses Formal Methods,” Communications of the ACM, vol. 58, no. 4, pp. 66–73, 2015, doi: 10.1145/2699417.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Y.-M. Kim and M. Kang, “Formal Verification of SDN-based Firewalls by using TLA+,” IEEE Access, vol. 8, pp. 52100–52112, 2020, doi: 10.1109/ACCESS.2020.2979894.</mixed-citation><mixed-citation xml:lang="en">Y.-M. Kim and M. Kang, “Formal Verification of SDN-based Firewalls by using TLA+,” IEEE Access, vol. 8, pp. 52100–52112, 2020, doi: 10.1109/ACCESS.2020.2979894.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">E. Verhulst, R. T. Boute, J. M. S. Faria, and et al., Formal Development of a Network-Centric RTOS: Software Engineering for Reliable Embedded Systems, 1st ed. Springer, 2011.</mixed-citation><mixed-citation xml:lang="en">E. Verhulst, R. T. Boute, J. M. S. Faria, and et al., Formal Development of a Network-Centric RTOS: Software Engineering for Reliable Embedded Systems, 1st ed. Springer, 2011.</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">V. A. Kukharenko, K. V. Ziborov, R. F. Sadykov, and et al., “Innochain: a Distributed Ledger for Industry with Formal Verification on All Implementation Levels,” Modeling and Analysis of Information Systems, vol. 27, no. 4, pp. 454–471, 2020, doi: 10.18255/1818-1015-2020-4-454-471.</mixed-citation><mixed-citation xml:lang="en">V. A. Kukharenko, K. V. Ziborov, R. F. Sadykov, and et al., “Innochain: a Distributed Ledger for Industry with Formal Verification on All Implementation Levels,” Modeling and Analysis of Information Systems, vol. 27, no. 4, pp. 454–471, 2020, doi: 10.18255/1818-1015-2020-4-454-471.</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">V. Kukharenko, K. Ziborov, R. Sadykov, and et al., “Verification of Hotstuff BFT Consensus Protocol with TLA+/TLC in an Industrial Setting,” in SHS Web of Conferences, 2021, vol. 93, pp. 77–95, doi: 10.1051/shsconf/20219301006.</mixed-citation><mixed-citation xml:lang="en">V. Kukharenko, K. Ziborov, R. Sadykov, and et al., “Verification of Hotstuff BFT Consensus Protocol with TLA+/TLC in an Industrial Setting,” in SHS Web of Conferences, 2021, vol. 93, pp. 77–95, doi: 10.1051/shsconf/20219301006.</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">H. Guo, Y. Ji, and X. Zhou, “The Development of a TLA+ Verified Correctness Raft Consensus Protocol,” in Web and Big Data, 2024, vol. 14965, pp. 459–469, doi: 10.1007/978-981-97-7244-5_40.</mixed-citation><mixed-citation xml:lang="en">H. Guo, Y. Ji, and X. Zhou, “The Development of a TLA+ Verified Correctness Raft Consensus Protocol,” in Web and Big Data, 2024, vol. 14965, pp. 459–469, doi: 10.1007/978-981-97-7244-5_40.</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">R. Niyogi and A. Nath, “Formal Specification and Verification of a Team Formation Protocol using TLA+,” Software: Practice and Experience, vol. 54, no. 6, pp. 961–984, 2024, doi: 10.1002/spe.3307.</mixed-citation><mixed-citation xml:lang="en">R. Niyogi and A. Nath, “Formal Specification and Verification of a Team Formation Protocol using TLA+,” Software: Practice and Experience, vol. 54, no. 6, pp. 961–984, 2024, doi: 10.1002/spe.3307.</mixed-citation></citation-alternatives></ref><ref id="cit26"><label>26</label><citation-alternatives><mixed-citation xml:lang="ru">A. Jandoubi, M. T. Bennani, O. Mosbahi, and A. El Fazziki, “Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation,” in Evaluation of Novel Approaches to Software Engineering, 2024, vol. 1, pp. 370–378, doi: 10.5220/0012625600003687.</mixed-citation><mixed-citation xml:lang="en">A. Jandoubi, M. T. Bennani, O. Mosbahi, and A. El Fazziki, “Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation,” in Evaluation of Novel Approaches to Software Engineering, 2024, vol. 1, pp. 370–378, doi: 10.5220/0012625600003687.</mixed-citation></citation-alternatives></ref><ref id="cit27"><label>27</label><citation-alternatives><mixed-citation xml:lang="ru">J.-Q. Yin, H.-B. Zhu, and Y. Fei, “Specification and Verification of the Zab Protocol with TLA+,” Journal of Computer Science and Technology, vol. 35, pp. 1312–1323, 2020, doi: 10.1007/s11390-020-0538-7.</mixed-citation><mixed-citation xml:lang="en">J.-Q. Yin, H.-B. Zhu, and Y. Fei, “Specification and Verification of the Zab Protocol with TLA+,” Journal of Computer Science and Technology, vol. 35, pp. 1312–1323, 2020, doi: 10.1007/s11390-020-0538-7.</mixed-citation></citation-alternatives></ref><ref id="cit28"><label>28</label><citation-alternatives><mixed-citation xml:lang="ru">L. Ouyang, X. Sun, R. Tang, and et al., “Multi-Grained Specifications for Distributed System Model Checking and Verification.” 2024.</mixed-citation><mixed-citation xml:lang="en">L. Ouyang, X. Sun, R. Tang, and et al., “Multi-Grained Specifications for Distributed System Model Checking and Verification.” 2024.</mixed-citation></citation-alternatives></ref><ref id="cit29"><label>29</label><citation-alternatives><mixed-citation xml:lang="ru">D. Dolev and A. Yao, “On the Security of Public Key Protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983, doi: 10.1109/TIT.1983.1056650.</mixed-citation><mixed-citation xml:lang="en">D. Dolev and A. Yao, “On the Security of Public Key Protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983, doi: 10.1109/TIT.1983.1056650.</mixed-citation></citation-alternatives></ref><ref id="cit30"><label>30</label><citation-alternatives><mixed-citation xml:lang="ru">T. G. Keerthan Kumar and S. Ramu, “Formal Verfication of Security Protocol Using Spin Tool,” in International Conference on Advances in Information Technology, 2019, pp. 393–399, doi: 10.1109/ICAIT47043.2019.8987376.</mixed-citation><mixed-citation xml:lang="en">T. G. Keerthan Kumar and S. Ramu, “Formal Verfication of Security Protocol Using Spin Tool,” in International Conference on Advances in Information Technology, 2019, pp. 393–399, doi: 10.1109/ICAIT47043.2019.8987376.</mixed-citation></citation-alternatives></ref><ref id="cit31"><label>31</label><citation-alternatives><mixed-citation xml:lang="ru">S. Basagiannis, P. Katsaros, and A. Pombortsis, “An Intruder Model with Message Inspection for Model Checking Security Protocols,” Computers &amp; Security, vol. 29, no. 1, pp. 16–34, 2010, doi: 10.1016/j.cose.2009.08.003.</mixed-citation><mixed-citation xml:lang="en">S. Basagiannis, P. Katsaros, and A. Pombortsis, “An Intruder Model with Message Inspection for Model Checking Security Protocols,” Computers &amp; Security, vol. 29, no. 1, pp. 16–34, 2010, doi: 10.1016/j.cose.2009.08.003.</mixed-citation></citation-alternatives></ref><ref id="cit32"><label>32</label><citation-alternatives><mixed-citation xml:lang="ru">“Needham-Schroeder Public Key Protocol Model Checking with TLA+/TLC.” [Online]. Available: https://github.com/MaximNeyzov/NSPK-model-checking.</mixed-citation><mixed-citation xml:lang="en">“Needham-Schroeder Public Key Protocol Model Checking with TLA+/TLC.” [Online]. Available: https://github.com/MaximNeyzov/NSPK-model-checking.</mixed-citation></citation-alternatives></ref><ref id="cit33"><label>33</label><citation-alternatives><mixed-citation xml:lang="ru">G. Lowe, “Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR,” in Tools and Algorithms for the Construction and Analysis of Systems (TACAS), 1996, vol. 1055, pp. 147–166, doi: 10.1007/3-540-61042-1_43.</mixed-citation><mixed-citation xml:lang="en">G. Lowe, “Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR,” in Tools and Algorithms for the Construction and Analysis of Systems (TACAS), 1996, vol. 1055, pp. 147–166, doi: 10.1007/3-540-61042-1_43.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
