scispace - formally typeset
Open AccessBook

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

Bruno Blanchet
Reads0
Chats0
TLDR
This survey presents an overview of the research on ProVerif, an automatic symbolic protocol verifier that automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses.
Abstract
ProVerif is an automatic symbolic protocol verifier It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography It automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses This survey presents an overview of the research on ProVerif

read more

Content maybe subject to copyright    Report

Modeling and Verifying
Security Protocols with the
Applied Pi Calculus and
ProVerif
Full text available at: http://dx.doi.org/10.1561/3300000004
Full text available at: http://dx.doi.org/10.1561/3300000004
Modeling and Verifying Security
Protocols with the Applied Pi
Calculus and ProVerif
Bruno Blanchet
INRIA Paris, France
Bruno.Blanchet@inria.fr
Boston Delft
Full text available at: http://dx.doi.org/10.1561/3300000004
Foundations and Trends
R
in Privacy and Secruity
Published, sold and distributed by:
now Publishers Inc.
PO Box 1024
Hanover, MA 02339
United States
Tel. +1-781-985-4510
www.nowpublishers.com
sales@nowpublishers.com
Outside North America:
now Publishers Inc.
PO Box 179
2600 AD Delft
The Netherlands
Tel. +31-6-51115274
The preferred citation for this publication is
B. Blanchet. Modeling and Verifying Security Protocols with the Applied Pi Calculus
and ProVerif. Foundations and Trends
R
in Privacy and Secruity, vol. 1, no. 1-2,
pp. 1–135, 2016.
ISBN: 978-1-68083-207-5
c
2016 B. Blanchet
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system,
or transmitted in any form or by any means, mechanical, photocopying, recording or otherwise,
without prior written permission of the publishers.
Photocopying. In the USA: This journal is registered at the Copyright Clearance Center, Inc., 222
Rosewood Drive, Danvers, MA 01923. Authorization to photocopy items for internal or personal
use, or the internal or personal use of specific clients, is granted by now Publishers Inc for users
registered with the Copyright Clearance Center (CCC). The ‘services’ for users can be found on
the internet at: www.copyright.com
For those organizations that have been granted a photocopy license, a separate system of payment
has been arranged. Authorization does not extend to other kinds of copying, such as that for
general distribution, for advertising or promotional purposes, for creating new collective works,
or for resale. In the rest of the world: Permission to photocopy must be obtained from the
copyright owner. Please apply to now Publishers Inc., PO Box 1024, Hanover, MA 02339, USA;
Tel. +1 781 871 0245; www.nowpublishers.com; sales@nowpublishers.com
now Publishers Inc. has an exclusive license to publish this material worldwide. Permission
to use this content must be obtained from the copyright license holder. Please apply to now
Publishers, PO Box 179, 2600 AD Delft, The Netherlands, www.nowpublishers.com; e-mail:
sales@nowpublishers.com
Full text available at: http://dx.doi.org/10.1561/3300000004
Foundations and Trends
R
in Privacy and
Secruity
Volume 1, Issue 1-2, 2016
Editorial Board
Editor-in-Chief
Anupam Datta
Carnegie Mellon University
United States
Jeannette Wing
Microsoft Research
United States
Editors
Martín Abadi
Google and UC Santa Cruz
Michael Backes
Saarland University
Dan Boneh
Stanford University
Véronique Cortier
LORIA, CNRS
Lorrie Cranor
Carnegie Mellon University
Cédric Fournet
Microsoft Research
Virgil Gligor
Carnegie Mellon University
Jean-Pierre Hubaux
EPFL
Deirdre Mulligan
UC Berkeley
Andrew Myers
Cornell University
Helen Nissenbaum
New York University
Michael Reiter
University of North Carolina
Shankar Sastry
UC Berkeley
Dawn Song
UC Berkeley
Daniel Weitzner
MIT
Full text available at: http://dx.doi.org/10.1561/3300000004
Citations
More filters
Proceedings ArticleDOI

A Formal Analysis of 5G Authentication

David Basin, +5 more
- 27 Jun 2018 - 
TL;DR: This work provides the first comprehensive formal model of a protocol from the AKA family: 5G AKA, and finds that some critical security goals are not met, except under additional assumptions missing from the standard.
Proceedings ArticleDOI

A Formal Analysis of 5G Authentication

David Basin, +5 more
TL;DR: In this article, the authors provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA, and conduct a full, systematic, security evaluation of the model with respect to the 5G security goals.
Proceedings ArticleDOI

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

Syed Rafiul Hussain, +3 more
TL;DR: A modelbased testing approach LTEInspector is proposed which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model for exposing vulnerabilities in the 4G LTE protocol.
Proceedings ArticleDOI

Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate

Karthikeyan Bhargavan, +2 more
TL;DR: A methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol, and presents a computational CryptoVerif model for TLS1.3 Draft-18 and proves its security.
Journal ArticleDOI

Security for 4G and 5G cellular networks

Mohamed Amine Ferrag, +4 more
- 01 Jan 2018 - 
TL;DR: A comprehensive survey of authentication and privacy-preserving schemes for 4G and 5G cellular networks can be found in this paper, where the authors provide a taxonomy and comparison of authentication schemes in terms of tables.
References
More filters
Journal ArticleDOI

New Directions in Cryptography

Whitfield Diffie, +1 more
- 01 Nov 1976 - 
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI

On the security of public key protocols

Danny Dolev, +1 more
- 01 Mar 1983 - 
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Journal ArticleDOI

Using encryption for authentication in large networks of computers

Roger M. Needham, +1 more
- 01 Dec 1978 - 
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Journal ArticleDOI

A Calculus of Mobile Processes - Part II

Robin Milner, +2 more
- 01 Jan 1992 - 
TL;DR: The purpose of the present paper is to provide a detailed presentation of some of the theory of the calculus developed to date, and in particular to establish most of the results stated in the companion paper.
Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

Steven M. Bellovin, +1 more
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Related Papers (5)

On the security of public key protocols

Danny Dolev, +1 more
- 01 Mar 1983 - 

The AVISPA tool for the automated validation of internet security protocols and applications

Alessandro Armando, +16 more

Mobile values, new names, and secure communication

Martín Abadi, +1 more

The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols

Cas Cremers

Using encryption for authentication in large networks of computers

Roger M. Needham, +1 more
- 01 Dec 1978 -