Open Access Journal Article

The inductive approach to verifying cryptographic protocols

Lawrence C. Paulson
01 Jan 1998 - Vol. 6, Iss. 1, pp. 85-128
TLDR
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions; the approach is based on ordinary predicate calculus and copes with infinite-state systems.
Abstract
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as little as a week or two, yielding a proof script that takes a few minutes to run. Protocols are inductively defined as sets of traces. A trace is a list of communication events, perhaps comprising many interleaved protocol runs. Protocol descriptions incorporate attacks and accidental losses. The model spy knows some private keys and can forge messages using components decrypted from previous traffic. Three protocols are analyzed below: Otway-Rees (which uses shared-key encryption), Needham-Schroeder (which uses public-key encryption), and a recursive protocol (Bull and Otway, 1997) (which is of variable length). One can prove that event ev always precedes event ev' or that property P holds provided X remains secret. Properties can be proved from the viewpoint of the various principals: say, if A receives a final message from B then the session key it conveys is good.


Citations
Proceedings Article

An efficient cryptographic protocol verifier based on prolog rules

TL;DR: A new automatic cryptographic protocol verifier based on a simple representation of the protocol by Prolog rules, and on a new efficient algorithm that determines whether a fact can be proved from these rules or not, which proves secrecy properties of the protocols.
Proceedings Article

Mobile values, new names, and secure communication

TL;DR: A simple, general extension of the pi calculus with value passing, primitive functions, and equations among terms is introduced, and semantics and proof techniques for this extended language are developed and applied in reasoning about some security protocols.
Journal Article

Strand spaces: proving security protocols correct

TL;DR: The approach is distinguished from other work by the simplicity of the model, the precision of the results it produces, and the ease of developing intelligible and reliable proofs even without automated support.
Journal Article

Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)

TL;DR: This paper starts to bridge the gap between two distinct, rigorous views of cryptography by providing a computational justification for a formal treatment of encryption.
References
Journal Article

A method for obtaining digital signatures and public-key cryptosystems

TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal Article

Communicating sequential processes

TL;DR: It is suggested that input and output are basic primitives of programming and that parallel composition of communicating sequential processes is a fundamental program structuring method.

The TLS Protocol Version 1.0

T. Dierks, +1 more
TL;DR: This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol, which provides communications privacy over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
Proceedings Article

A logic of authentication

TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.