Formal Verification of Cryptographic Protocols: A Survey

In this paper we give a survey of the state of the art in the application of formal methods to the analysis of cryptographic protocols. We attempt to outline some of the major threads of research in this area, and also to document some emerging trends. ...

[1]  Catherine A. Meadows Representing partial knowledge in an algebraic security model , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[2]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Inf. Control..

[3]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[4]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[5]  Virgil D. Gligor,et al.  On the Security Effectiveness of Cryptographic Protocols , 1995 .

[6]  Martín Abadi,et al.  Rejoinder to Nessett , 1990, OPSR.

[7]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Paul F. Syverson,et al.  Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols , 1992, J. Comput. Secur..

[10]  F SyversonPaul Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols , 1992 .

[11]  Raphael Yahalom Optimality of Asynchronous Two-Party Secure Data-Exchange Protocols , 1993, J. Comput. Secur..

[12]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[13]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[14]  P. Venkat Rangan,et al.  An axiomatic basis of trust in distributed systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[15]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[16]  Richard A. Kemmerer,et al.  Analyzing encryption protocols using formal verification techniques , 1989, IEEE J. Sel. Areas Commun..

[17]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Information and Control.

[18]  Adi Shamir,et al.  On the Security of Ping-Pong Protocols when Implemented using the RSA , 1985, CRYPTO.

[19]  J. Doug Tygar,et al.  A Model for Secure Protocols and Their Compositions , 1996, IEEE Trans. Software Eng..

[20]  Ulf Carlsen Generating formal cryptographic protocol specifications , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[21]  Catherine A. Meadows,et al.  A system for the specification and analysis of key management protocols , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[22]  Gustavus J. Simmons,et al.  A Software Protection Scheme , 1982, 1982 IEEE Symposium on Security and Privacy.

[23]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[24]  Jerome H. Saltzer,et al.  Reducing risks from poorly chosen keys , 1989, SOSP '89.

[25]  Marie-Jeanne Toussaint Separating the Specification and Implementation Phases in Cryptology , 1992, ESORICS.

[26]  Virgil D. Gligor,et al.  On message integrity in cryptographic protocols , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[27]  Catherine A. Meadows,et al.  A model of computation for the NRL Protocol Analyzer , 1994, Proceedings The Computer Security Foundations Workshop VII.

[28]  Dennis Longley,et al.  An automatic search for security flaws in key management schemes , 1992, Comput. Secur..

[29]  Catherine A. Meadows,et al.  A logical language for specifying cryptographic protocol requirements , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[30]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[31]  K. Mani Chandy,et al.  Asynchronous distributed simulation via a sequence of parallel computations , 1981, CACM.

[32]  Marie-Jeanne Toussaint Deriving the Complete Knowledge of Participants in Cryptographic Protocols (Extended Abstract) , 1991, CRYPTO.

[33]  Richard A. Kemmerer Using Formal Methods to Analyze Encryption Protocols , 1989 .

[34]  Paul F. Syverson Formal semantics for logics of cryptographic protocols , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[35]  Gustavus J. Simmons,et al.  Overview of Interactive Proof Systems and ZeroKnowledge , 1992 .

[36]  Ashar Aziz,et al.  Privacy and authentication for wireless local area networks , 1994, IEEE Personal Communications.

[37]  Catherine A. Meadows,et al.  Formal Requirements for Key Distribution Protocols , 1994, EUROCRYPT.

[38]  Thomas Beth,et al.  Trust relationships in secure systems-a distributed authentication perspective , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[39]  Chris J. Mitchell,et al.  A security scheme for resource sharing over a network , 1990, Comput. Secur..

[40]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[41]  Birgit Pfitzmann,et al.  Sorting out signature schemes , 1993, CCS '93.

[42]  Dan M. Nessett,et al.  A critique of the Burrows, Abadi and Needham logic , 1990, OPSR.

[43]  Louise E. Moser,et al.  A logic of knowledge and belief for reasoning about computer security , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[44]  Catherine A. Meadows,et al.  Applying Formal Methods to the Analysis of a Key Management Protocol , 1992, J. Comput. Secur..

[45]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[46]  Pierre Bieber,et al.  A logic of communication in hostile environment , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[47]  Paul F. Syverson Adding time to a logic of authentication , 1993, CCS '93.

[48]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[49]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[50]  Gustavus J. Simmons,et al.  How to (Selectively) Broadcast A Secret , 1985, 1985 IEEE Symposium on Security and Privacy.