Mechanized Proofs of Security Protocols: Needham-Schroeder with Public Keys

The inductive approach to verifying security protocols, previously applied to shared-key encryption [8], is here applied to the public key version of the Needham-Schroeder protocol. As before, mechanized proofs are performed using Isabelle/HOL. Both the original, flawed version and Lowe’s improved version are studied; the properties proved highlight the distinctions between the two versions. The results are compared with previous analyses of the same protocol. The analysis reported below required only 30 hours of the author’s time. The proof scripts execute in under three minutes.

[1]  Martín Abadi,et al.  Prudent engineering practice for cryptographic protocols , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Catherine A. Meadows,et al.  Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches , 1996, ESORICS.

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Lawrence Charles Paulson,et al.  Isabelle: A Generic Theorem Prover , 1994 .

[5]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[6]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[7]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[8]  G. Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol using CSP and FDR , 1996 .

[9]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[10]  Steve A. Schneider,et al.  Using CSP for protocol analysis: the Needham-Schroeder Public-Key Protocol , 1996 .