Security Protocols: Principles and Calculi

This paper is a basic introduction to some of the main themes in the design and analysis of security protocols. It includes a brief explanation of the principles of protocol design and of a formalism for protocol analysis. It is intended as a written counterpart to a tutorial given at the 2006 International School on Foundations of Security Analysis and Design.

[1]  Dominique Bolignano,et al.  Towards a Mechanization of Cryptographic Protocal Verification , 1997, CAV.

[2]  Tuomas Aura,et al.  Strategies against replay attacks , 1997, Proceedings 10th Computer Security Foundations Workshop.

[3]  Manuel Blum,et al.  How to Generate Cryptographically Strong Sequences of Pseudo Random Bits , 1982, FOCS.

[4]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[5]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[6]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[7]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[8]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[9]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.

[10]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[11]  Andrew D. Gordon,et al.  Verified Reference Implementations of WS-Security Protocols , 2006, WS-FM.

[12]  Peeter Laud,et al.  Secrecy types for a simulatable cryptographic library , 2005, CCS '05.

[13]  Birgit Pfitzmann,et al.  A composable cryptographic library with nested operations , 2003, CCS '03.

[14]  Bruno Blanchet,et al.  From Secrecy to Authenticity in Security Protocols , 2002, SAS.

[15]  Kousha Etessami,et al.  Optimizing Büchi Automata , 2000, CONCUR.

[16]  Simon S. Lam,et al.  Authentification for Distributed Systems , 1992, Computer.

[17]  Jean Goubault-Larrecq,et al.  Cryptographic Protocol Analysis on Real C Code , 2005, VMCAI.

[18]  Simon S. Lam,et al.  A lesson on authentication protocol design , 1994, OPSR.

[19]  Robin Milner,et al.  Theories for the Global Ubiquitous Computer , 2004, FoSSaCS.

[20]  John C. Mitchell,et al.  Probabilistic Bisimulation and Equivalence for Security Analysis of Network Protocols , 2004, FoSSaCS.

[21]  Uwe Nestmann,et al.  Symbolic Bisimulation in the Spi Calculus , 2004, CONCUR.

[22]  Roger M. Needham Logic and over-simplification , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[23]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[24]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[25]  Andreas Podelski,et al.  Verification of cryptographic protocols: tagging enforces termination , 2003, Theor. Comput. Sci..

[26]  Vincent Danos,et al.  Reversible Communicating Systems , 2004, CONCUR.

[27]  Nancy A. Lynch,et al.  I/O automaton models and proofs for shared-key communication systems , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[28]  Andrew D. Gordon,et al.  Types and effects for asymmetric cryptographic protocols , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[29]  John C. Mitchell,et al.  A derivation system and compositional logic for security protocols , 2005, J. Comput. Secur..

[30]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[31]  Björn Victor,et al.  Spi calculus translated to /spl pi/-calculus preserving may-tests , 2004, Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science, 2004..

[32]  Rocco De Nicola,et al.  Proof Techniques for Cryptographic Processes , 2001, SIAM J. Comput..

[33]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[34]  Andrew D. Gordon,et al.  TulaFale: A Security Tool for Web Services , 2003, FMCO.

[35]  Roger M. Needham,et al.  Authentication revisited , 1987, OPSR.

[36]  Roberto M. Amadio,et al.  On the Reachability Problem in Cryptographic Protocols , 2000, CONCUR.

[37]  Björn Victor,et al.  Spi Calculus Translated to --Calculus Preserving May-Tests , 2004, LICS 2004.

[38]  Andrew D. Gordon,et al.  Verifying policy-based security for web services , 2004, CCS '04.

[39]  Peeter Laud,et al.  Symmetric encryption in automatic analyses for confidentiality against active adversaries , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[40]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2008, J. Log. Algebraic Methods Program..

[41]  Carl A. Gunter,et al.  WSEmail: secure Internet messaging based on Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[42]  Martín Abadi,et al.  Computer-assisted verification of a protocol for certified email , 2005, Sci. Comput. Program..

[43]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[44]  Robin Milner,et al.  A Calculus of Mobile Processes, II , 1992, Inf. Comput..

[45]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[46]  Roberto M. Amadio,et al.  The Game of the Name in Cryptographic Tables , 1999, ASIAN.

[47]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[48]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[49]  Roberto Gorrieri,et al.  The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties , 1997, IEEE Trans. Software Eng..

[50]  Andrew D. Gordon,et al.  Provable Implementations of Security Protocols , 2006, 21st Annual IEEE Symposium on Logic in Computer Science (LICS'06).

[51]  Angelos D. Keromytis,et al.  Just fast keying: Key agreement in a hostile internet , 2004, TSEC.

[52]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[53]  Bruno Blanchet,et al.  A Computationally Sound Mechanized Prover for Security Protocols , 2008, IEEE Transactions on Dependable and Secure Computing.

[54]  John C. Mitchell,et al.  A probabilistic poly-time framework for protocol analysis , 1998, CCS '98.

[55]  Bogdan Warinschi,et al.  Soundness of Formal Encryption in the Presence of Active Adversaries , 2004, TCC.

[56]  Adriano Valenzano,et al.  Automatic testing equivalence verification of spi calculus specifications , 2003, TSEM.

[57]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[58]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[59]  Martín Abadi,et al.  Deciding knowledge in security protocols under equational theories , 2006, Theor. Comput. Sci..

[60]  Martín Abadi,et al.  Private authentication , 2004, Theor. Comput. Sci..

[61]  David Pointcheval,et al.  Automated Security Proofs with Sequences of Games , 2006, CRYPTO.

[62]  Joshua D. Guttman,et al.  Strand spaces: why is a security protocol correct? , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[63]  Frank D. Valencia,et al.  Formal Methods for Components and Objects , 2002, Lecture Notes in Computer Science.

[64]  Jonathan K. Millen,et al.  Three systems for cryptographic protocol analysis , 1994, Journal of Cryptology.

[65]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[66]  Hans Hüttel,et al.  Deciding Framed Bisimilarity , 2003, INFINITY.

[67]  John C. Mitchell,et al.  Protocol Composition Logic (PCL) , 2007, Computation, Meaning, and Logic.

[68]  Paul F. Syverson,et al.  Limitations on design principles for public key protocols , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[69]  Robin Milner,et al.  A Calculus of Mobile Processes, II , 1992, Inf. Comput..

[70]  Andrew D. Gordon,et al.  Authenticity by typing for security protocols , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[71]  Pierpaolo Degano,et al.  Flow logic for Dolev-Yao secrecy in cryptographic processes , 2002, Future Gener. Comput. Syst..

[72]  James W. Gray,et al.  Provable security for cryptographic protocols-exact analysis and engineering applications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[73]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[74]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[75]  Mathieu Baudet,et al.  Sécurité des protocoles cryptographiques : aspects logiques et calculatoires. (Security of cryptographic protocols : logical and computational aspects) , 2007 .

[76]  Uwe Nestmann,et al.  On Bisimulations for the Spi Calculus , 2002, AMAST.

[77]  Ross J. Anderson,et al.  Robustness Principles for Public Key Protocols , 1995, CRYPTO.

[78]  Steve A. Schneider Security properties and CSP , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[79]  P. S. Thiagarajan,et al.  Advances in Computing Science — ASIAN’99 , 1999, Lecture Notes in Computer Science.

[80]  Robin Milner,et al.  Communicating and mobile systems - the Pi-calculus , 1999 .

[81]  Adriano Valenzano,et al.  A State-Exploration Technique for Spi-Calculus Testing Equivalence Verification , 2000, FORTE.

[82]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[83]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[84]  Martín Abadi,et al.  Just fast keying in the pi calculus , 2004, TSEC.

[85]  David Monniaux Abstracting cryptographic protocols with tree automata , 2003, Sci. Comput. Program..

[86]  Vitaly Shmatikov,et al.  Finite-State Analysis of SSL 3.0 , 1998, USENIX Security Symposium.

[87]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[88]  Bruno Blanchet,et al.  Automatic proof of strong secrecy for security protocols , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[89]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.