Research Article
A Systematic Approach to Formal Analysis of QUIC Handshake Protocol Using Symbolic Model Checking
Table 4
Verification results of SPIN.
| Model checker properties | Counterexamples | Security constraints |
| After the client reaches the waiting data state, it will finally reach the receiving data state | Received the message Restart,0; the client stays in waiting configuration state | ā |
| The client does not receive the message Restart,0 when it reached the waiting data state | Received the message CHLO_rej,0; the client stays in waiting configuration state | The attacker cannot forge the CHLO message sent by the client |
| The client did not receive the message CHLO_rej,0 when it reached the waiting data state | Received the message Rej,0; the client stays in waiting configuration state | The attacker cannot forge the certification of server and cannot forge the signature of message REJ |
| The client did not receive the message Rej,0 when it reached the waiting data state | Received the message CCHLO_rej,0; the client transfers to waiting configuration state from waiting data state | The attacker cannot forge CEPub and ciphertext EncReqM sent by the client |
| The client did not receive the message CCHLO_rej,0 when it reached the waiting data state | Received the message SHLO,0; the client transfers to waiting configuration state from waiting data state | The attacker cannot forge the ciphertext EncResM and EncSEPub sent by the server |