Verification of cryptographic protocols: logic to the rescue!

Verifying security properties of cryptographic protocols is a delicate and important activity. After reviewing the basic principles of this activity, we will show that first-order logic allows an adequate formalization both of cryptographic protocols and of some of their most common properties (secrecy, authentication), and that it lends itself well to automatic abstraction mechanisms that make their automatic verification easy. The link between first-order logic and tree automata is fundamental here.
