The CL-Atse Protocol Analyser

This paper presents an overview of the CL-Atse tool, an efficient and versatile automatic analyser for the security of cryptographic protocols. CL-Atse takes as input a protocol specified as a set of rewriting rules (IF format, produced by the AVISPA compiler), and uses rewriting and constraint solving techniques to model all reachable states of the participants and decide if an attack exists w.r.t. the Dolev-Yao intruder. Any state-based security property can be modelled (like secrecy, authentication, fairness, etc...), and the algebraic properties of operators like xor or exponentiation are taken into account with much less limitations than other tools, thanks to a complete modular unification algorithm. Also, useful constraints like typing, inequalities, or shared sets of knowledge (with set operations like removes, negative tests, etc...) can also be analysed.

[1]  Yannick Chevalier,et al.  Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents , 2003, FSTTCS.

[2]  Sebastian Mödersheim,et al.  OFMC: A symbolic model checker for security protocols , 2005, International Journal of Information Security.

[3]  Vitaly Shmatikov,et al.  Symbolic protocol analysis with products and Diffie-Hellman exponentiation , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[4]  Olga Kouchnarenko,et al.  Automatic Verification of Security Protocols Using Approximations , 2005 .

[5]  Yannick Chevalier,et al.  A tool for lazy verification of security protocols , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[6]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[7]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[8]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[9]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[10]  Catherine A. Meadows Open Issues in Formal Methods for Cryptographic Protocol Analysis , 2001, MMM-ACNS.

[11]  Michele Boreale,et al.  Symbolic Trace Analysis of Cryptographic Protocols , 2001, ICALP.

[12]  Sandro Etalle,et al.  An Improved Constraint-Based System for the Verification of Security Protocols , 2002, SAS.

[13]  Franz Baader,et al.  Unification in the Union of Disjoint Equational Theories: Combining Decision Procedures , 1992, CADE.

[14]  Jaikumar Radhakrishnan,et al.  FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science , 2004, Lecture Notes in Computer Science.

[15]  Franz Baader,et al.  Unification in the Union of Disjoint Equational Theories: Combining Decision Procedures , 1992, CADE.

[16]  Alessandro Armando,et al.  An Optimized Intruder Model for SAT-based Model-Checking of Security Protocols , 2005, ARSPA@IJCAR.

[17]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[18]  Roberto M. Amadio,et al.  On the symbolic reduction of processes with cryptographic functions , 2003, Theor. Comput. Sci..

[19]  Yannick Chevalier,et al.  An NP decision procedure for protocol insecurity with XOR , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..