An Improved Constraint-Based System for the Verification of Security Protocols

We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov [30]. Our system features (1) a significantly more efficient implementation, (2) monotonic behavior, which also allows the detection of flaws associated with partial runs, and (3) a more expressive syntax, in which a principal may also perform explicit checks. In this paper we also show why these improvements yield a more effective and practical system.

[1] Danny Dolev, et al. On the security of public key protocols, 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[2] Jonathan K. Millen, et al. The Interrogator: Protocol Security Analysis, 1987, IEEE Transactions on Software Engineering.

[3] J. W. Lloyd, et al. Foundations of logic programming; (2nd extended ed.), 1987.

[4] John Wylie Lloyd, et al. Foundations of Logic Programming, 1987, Symbolic Computation.

[5] Martín Abadi, et al. A logic of authentication, 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[6] Simon S. Lam, et al. A lesson on authentication protocol design, 1994, OPSR.

[7] Catherine A. Meadows, et al. Formal Verification of Cryptographic Protocols: A Survey, 1994, ASIACRYPT.

[8] A. W. Roscoe. Modelling and verifying key-exchange protocols using CSP and FDR, 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[9] Catherine A. Meadows, et al. The NRL Protocol Analyzer: An Overview, 1996, J. Log. Program.

[10] Gavin Lowe, et al. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR, 1996, Softw. Concepts Tools.

[11] Gavin Lowe, et al. Some new attacks upon security protocols, 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[12] John Ulrich, et al. Automated Analysis of Cryptographic Protocols Using Murφ, 1997.

[13] Andrew William Roscoe, et al. The Theory and Practice of Concurrency, 1997.

[14] Gavin Lowe, et al. Casper: a compiler for the analysis of security protocols, 1997, Proceedings 10th Computer Security Foundations Workshop.

[15] Krzysztof R. Apt, et al. From logic programming to Prolog, 1996, Prentice Hall International series in computer science.

[16] John C. Mitchell, et al. Automated analysis of cryptographic protocols using Murφ, 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[17] John A. Clark, et al. A survey of authentication protocol literature: Version 1.0, 1997.

[18] Dieter Gollmann, et al. An efficient non-repudiation protocol, 1997, Proceedings 10th Computer Security Foundations Workshop.

[19] Lawrence C. Paulson. Mechanized Proofs of Security Protocols: Needham-Schroeder with Public Keys, 1997.

[20] J. Meseguer. Computer Protocol Specification and Analysis in Maude, 1998.

[21] Joshua D. Guttman, et al. Strand spaces: why is a security protocol correct?, 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[22] Lawrence C. Paulson, et al. Kerberos Version 4: Inductive Analysis of the Secrecy Goals, 1998, ESORICS.

[23] Lawrence C. Paulson, et al. The Inductive Approach to Verifying Cryptographic Protocols, 2021, J. Comput. Secur.

[24] Antti Huima. Efficient Infinite-State Analysis of Security Protocols, 1999.

[25] John C. Mitchell, et al. A meta-notation for protocol analysis, 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[26] David A. Basin. Lazy Infinite-State Analysis of Security Protocols, 1999, CQRE.

[27] Peter Y. A. Ryan, et al. The modelling and analysis of security protocols: the csp approach, 2000.

[28] Michaël Rusinowitch, et al. Compiling and Verifying Security Protocols, 2000, LPAR.

[29] John C. Mitchell, et al. Relating strands and multiset rewriting for security protocol analysis, 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[30] Fabio Massacci, et al. Verifying security protocols as planning in logic programming, 2001, ACM Trans. Comput. Log.

[31] Sandro Etalle, et al. Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols, 2001, LOPSTR.

[32] Martín Abadi, et al. Computing symbolic models for verifying cryptographic protocols, 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.

[33] Yannick Chevalier, et al. A tool for lazy verification of security protocols, 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[34] Michaël Rusinowitch, et al. Protocol insecurity with finite number of sessions is NP-complete, 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.

[35] Michael Goldsmith, et al. Modelling and analysis of security protocols, 2001.

[36] Bruno Blanchet, et al. An efficient cryptographic protocol verifier based on prolog rules, 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.

[37] Yannick Chevalier, et al. Towards Efficient Automated Verification of Security Protocols, 2001.

[38] Dawn Xiaodong Song, et al. Athena: A Novel Approach to Efficient Automatic Security Protocol Analysis, 2001, J. Comput. Secur.

[39] Vitaly Shmatikov, et al. Constraint solving for bounded-process cryptographic protocol analysis, 2001, CCS '01.

[40] Michele Boreale, et al. Symbolic Trace Analysis of Cryptographic Protocols, 2001, ICALP.

[41] Martín Abadi, et al. Analyzing security protocols with secrecy types and logic programs, 2002, POPL '02.

[42] Martín Abadi, et al. Secrecy types for asymmetric communication, 2001, Theor. Comput. Sci.

[43] Aaas News, et al. Book Reviews, 1893, Buffalo Medical and Surgical Journal.