A calculus for cryptographic protocols: the spi calculus

We introduce the spi calculus, an extension of the pi calculus designed for describing and analyzing cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols; the spi calculus enables us to consider cryptographic issues in more detail. We represent protocols as processes in the spi calculus and state their security properties in terms of coarse-grained notions of protocol equivalence. ] 1999 Academic Press

[1]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[2]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[3]  Martín Abadi,et al.  A Bisimulation Method for Cryptographic Protocols , 1998, Nord. J. Comput..

[4]  Davide Sangiorgi,et al.  On the bisimulation proof method , 1998, Mathematical Structures in Computer Science.

[5]  James W. Gray,et al.  Using temporal logic to specify and verify cryptographic protocols , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[6]  Robin Milner,et al.  Functions as processes , 1990, Mathematical Structures in Computer Science.

[7]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[8]  D SchroederMichael,et al.  Using encryption for authentication in large networks of computers , 1978 .

[9]  Jonathan K. Millen,et al.  The Interrogator model , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[10]  Paul Pettersson,et al.  Tools and Algorithms for the Construction and Analysis of Systems: 28th International Conference, TACAS 2022, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022, Munich, Germany, April 2–7, 2022, Proceedings, Part II , 1998, TACAS.

[11]  Andrew D. Gordon Bisimilarity as a theory of functional programming , 1995, MFPS.

[12]  Rocco De Nicola,et al.  Testing Equivalences for Processes , 1984, Theor. Comput. Sci..

[13]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[14]  Rocco De Nicola,et al.  Testing Equivalence for Mobile Processes , 1995, Inf. Comput..

[15]  C. K. R. T. Jones,et al.  The ϱ-Calculus , 1981, Math. Log. Q..

[16]  Robin Milner,et al.  Communication and concurrency , 1989, PHI Series in computer science.

[17]  Martín Abadi,et al.  Authentication in distributed systems: theory and practice , 1991, SOSP '91.

[18]  Davide Sangiorgi,et al.  Typing and subtyping for mobile processes , 1993, [1993] Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science.

[19]  Martín Abadi,et al.  Prudent engineering practice for cryptographic protocols , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[20]  Robin Milner,et al.  A Calculus of Mobile Processes, II , 1992, Inf. Comput..

[21]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[22]  B. Pierce,et al.  Typing and subtyping for mobile processes , 1993, [1993] Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science.

[23]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[24]  Gérard Berry,et al.  The chemical abstract machine , 1989, POPL '90.

[25]  Yu. A. Gur'yan,et al.  Parts I and II , 1982 .

[26]  Steve A. Schneider Security properties and CSP , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[27]  Proceedings of the Royal Society (London) , 1906, Science.

[28]  Catherine A. Meadows,et al.  Applying Formal Methods to the Analysis of a Key Management Protocol , 1992, J. Comput. Secur..

[29]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[30]  Robin Milner,et al.  Barbed Bisimulation , 1992, ICALP.

[31]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[32]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[33]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[34]  Martín Abadi,et al.  Secrecy by typing in security protocols , 1999, JACM.

[35]  Armin Liebl,et al.  Authentication in distributed systems: a bibliography , 1993, OPSR.

[36]  Davide Sangiorgi,et al.  Expressing mobility in process algebras : first-order and higher-order paradigms , 1993 .

[37]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[38]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[39]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[40]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[41]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[42]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[43]  Wenbo Mao,et al.  On two proposals for on-line bankcard payments using open networks: problems and solutions , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[44]  Martín Abadi,et al.  Reasoning about Cryptographic Protocols in the Spi Calculus , 1997, CONCUR.

[45]  AbadiMartín Secrecy by typing in security protocols , 1999 .

[46]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[47]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[48]  Richard A. Kemmerer,et al.  Analyzing encryption protocols using formal verification techniques , 1989, IEEE J. Sel. Areas Commun..