Complementing Computational Protocol Analysis with Formal Specifications

The computational proof model of Bellare and Rogaway for cryptographic protocol analysis is complemented by providing a formal specification of the actions of the adversary and the protocol entities. This allows a matching model to be used in both a machine-generated analysis and a human-generated computational proof. Using a protocol of Jakobsson and Pointcheval as a case study, it is demonstrated that flaws in the protocol could have been found with this approach, providing evidence that the combination of human and computer analysis can be more effective than either alone. As well as finding the known flaw, previously unknown flaws in the protocol are discovered by the automatic analysis.
