A formal semantics for protocol narrations

Protocol narrations are a widely-used informal means to describe, in an idealistic manner, the functioning of cryptographic protocols as a single intended sequence of cryptographic message exchanges among the protocol's participants. Protocol narrations have also been informally ''turned into'' a number of formal protocol descriptions, e.g., using the spi-calculus. In this paper, we propose a direct formal operational semantics for protocol narrations that fixes a particular and, as we argue, well-motivated interpretation on how the involved protocol participants are supposed to execute. Based on this semantics, we explain and formally justify a natural and precise translation of narrations into spi-calculus. An optimised translation has been implemented in OCaml, and we report on case studies that we have carried out using the tool.

[1]  Flemming Nielson,et al.  Static validation of security protocols , 2005, J. Comput. Secur..

[2]  Sebastian Mödersheim,et al.  An On-the-Fly Model-Checker for Security Protocol Analysis , 2003, ESORICS.

[3]  Joshua D. Guttman,et al.  Authentication tests and the structure of bundles , 2002, Theor. Comput. Sci..

[4]  Luca Viganò,et al.  On the semantics of Alice&Bob specifications of security protocols , 2006 .

[5]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[6]  Glynn Winskel,et al.  Composing Strand Spaces , 2002 .

[7]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[8]  Glynn Winskel,et al.  Events in security protocols , 2001, CCS '01.

[9]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[10]  N. Asokan,et al.  Asynchronous protocols for optimistic fair exchange , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[11]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[12]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[13]  Uwe Nestmann,et al.  Symbolic Bisimulation in the Spi Calculus , 2004, CONCUR.

[14]  Flemming Nielson,et al.  Automatic validation of protocol narration , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[15]  Michaël Rusinowitch,et al.  Compiling and Verifying Security Protocols , 2000, LPAR.

[16]  Joshua D. Guttman,et al.  Protocol independence through disjoint encryption , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[17]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[18]  Gavin Lowe Casper: a compiler for the analysis of security protocols , 1998 .

[19]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[20]  Luca Viganò,et al.  Deconstructing Alice and Bob , 2005, ARSPA@ICALP.

[21]  Joshua D. Guttman,et al.  Mixed strand spaces , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[22]  Cas J. F. Cremers,et al.  Operational Semantics of Security Protocols , 2003, Scenarios: Models, Transformations and Tools.