Security Protocol Verification: Symbolic and Computational Models

Security protocol verification has been a very active research area since the 1990s. This paper surveys various approaches in this area, covering verification in the symbolic model as well as the more recent approaches that rely on the computational model or that verify protocol implementations rather than specifications. Additionally, we briefly describe our symbolic security protocol verifier ProVerif and situate it among these approaches.
