Fast automatic synthesis of security protocols using backward search

An automatic security protocol generator is proposed that uses logic-based synthesis rules to guide a backward search for suitable protocols, starting from the protocol goals. This approach differs from existing automatic protocol generators, which typically carry out a forward search for candidate protocols from the protocol assumptions. A prototype generator has been built that performs well in the automatic generation of authentication and key exchange protocols.
