Automatic verification of correspondences for security protocols

Journal of Computer Security

Volumn 17, Issue 4, 2009, Pages 363-434

  Blanchet, Bruno ^a  

^a ECOLE NORMALE SUPÉRIEURE   (France)

Author keywords

Authentication; Automatic verification; Cryptography; Formal methods; Horn clauses; Security protocols

Indexed keywords

ABSTRACT REPRESENTATION; AUTOMATIC VERIFICATION; CRYPTOGRAPHIC PRIMITIVES; HORN CLAUSE; HORN CLAUSES; PI CALCULUS; SECURITY PROTOCOLS;

AUTHENTICATION; CRYPTOGRAPHY; FORMAL METHODS; LOGIC PROGRAMMING; NETWORK SECURITY;

NETWORK PROTOCOLS;

EID: 68249091950     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2009-0339     Document Type: Article

References (74)

1. M. Abadi and B. Blanchet, Analyzing security protocols with secrecy types and logic programs, Journal of the ACM 52(1) (2005), 102-146.
2. M. Abadi and B. Blanchet, Computer-assisted verification of a protocol for certified email, Science of Computer Programming, Special issue SAS'03 58(1/2) (2005), 3-27.
3. M. Abadi, B. Blanchet and C. Fournet, Just fast keying in the pi calculus, ACM Transactions on Information and System Security (TISSEC) 10(3) (2007), 1-59.
4. M. Abadi and C. Fournet, Mobile values, new names, and secure communication, in: 28th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'01), ACM Press, London, UK, 2001, pp. 104-115.
5. M. Abadi and R. Needham, Prudent engineering practice for cryptographic protocols, IEEE Transactions on Software Engineering 22(1) (1996), 6-15.
6. X. Allamigeon and B. Blanchet, Reconstruction of attacks against cryptographic protocols, in: 18th IEEE Computer Security Foundations Workshop (CSFW-18), Aix-en-Provence, France, June 2005, IEEE, 2005, pp. 140-154.
7. R. Amadio and S. Prasad, The game of the name in cryptographic tables, in: Advances in Computing Science - ASIAN'99, P.S. Thiagarajan and R. Yap, eds, Phuket, Thailand, December 1999, Lecture Notes on Computer Science, Vol. 1742, Springer, 1999, pp. 15-27.
8. R. Anderson and R. Needham, Programming Satan's computer, in: Computer Science Today: Recent Trends and Developments, J. van Leeuven, ed., Lecture Notes on Computer Science, Vol. 1000, Springer, 1995, pp. 426-440.
9. L. Bachmair and H. Ganzinger, Resolution theorem proving, in: Handbook of Automated Reasoning, Vol. 1, Chapter 2, A. Robinson and A. Voronkov, eds, North-Holland, 2001, pp. 19-100.
10. M. Backes, A. Cortesi and M. Maffei, Causality-based abstraction of multiplicity in security protocols, in: 20th IEEE Computer Security Foundations Symposium (CSF'07), Venice, Italy, July 2007, IEEE, 2007, pp. 355-369.
11. M. Bellare and P. Rogaway, Entity authentication and key distribution, in: Advances in Cryptology - CRYPTO 1993, Santa Barbara, CA, August 1993, D.R. Stinson, ed., Lecture Notes on Computer Science, Vol. 773, Springer, 1993, pp. 232-249.
12. K. Bhargavan, C. Fournet, A.D. Gordon and R. Pucella, TulaFale: A security tool for web services, in: Formal Methods for Components and Objects (FMCO 2003), Leiden, The Netherlands, November 2003, Lecture Notes on Computer Science, Vol. 3188, Springer, 2003, pp. 197-222. Paper and tool available at http://securing.ws/.
13. B. Blanchet, An efficient cryptographic protocol verifier based on Prolog rules, in: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, NS, Canada, June 2001, IEEE Computer Society, 2001, pp. 82-96.
14. B. Blanchet, From secrecy to authenticity in security protocols, in: 9th International Static Analysis Symposium (SAS'02), Madrid, Spain, September 2002, M. Hermenegildo and G. Puebla, eds, Lecture Notes on Computer Science, Vol. 2477, Springer, 2002, pp. 342-359.
15. B. Blanchet, Automatic proof of strong secrecy for security protocols, in: IEEE Symposium on Security and Privacy, Oakland, CA, May 2004, pp. 86-100.
16. B. Blanchet, Automatic proof of strong secrecy for security protocols, Technical Report MPI-I-2004-NWG1-001, Max-Planck-Institut für Informatik, Saarbrücken, Germany, July 2004.
17. B. Blanchet, Security protocols: From linear to classical logic by abstract interpretation, Information Processing Letters 95(5) (2005), 473-479.
18. B. Blanchet, Automatic verification of correspondences for security protocols, Report arXiv:0802.3444v1, 2008; available at: http://arxiv.org/abs/ 0802.3444v1.
19. B. Blanchet, M. Abadi and C. Fournet, Automated verification of selected equivalences for security protocols, Journal of Logic and Algebraic Programming 75(1) (2008), 3-51.
20. B. Blanchet and A. Chaudhuri, Automated formal analysis of a protocol for secure file sharing on untrusted storage, in: IEEE Symposium on Security and Privacy, Oakland, CA, May 2008, IEEE, 2008, pp. 417-431.
21. B. Blanchet and A. Podelski, Verification of cryptographic protocols: Tagging enforces termination, Theoretical Computer Science, Special issue FoSSaCS'03 333(1/2) (2005), 67-90.
22. C. Bodei, M. Buchholtz, P. Degano, F. Nielson and H.R. Nielson, Static validation of security protocols, Journal of Computer Security 13(3) (2005), 347-390.
23. P. Broadfoot, G. Lowe and B. Roscoe, Automating data independence, in: 6th European Symposium on Research in Computer Security (ESORICS 2000), Toulouse, France, October 2000, Lecture Notes on Computer Science, Vol. 1895, Springer, 2000, pp. 175-190.
24. P.J. Broadfoot and A.W. Roscoe, Embedding agents within the intruder to detect parallel attacks, Journal of Computer Security 12(3/4) (2004), 379-408.
25. M. Bugliesi, R. Focardi and M. Maffei, Analysis of typed analyses of authentication protocols, in: Proc. 18th IEEE Computer Security Foundations Workshop (CSFW'05), Aix-en-Provence, France, June 2005, IEEE Computer Society Press, 2005, pp. 112-125.
26. M. Bugliesi, R. Focardi and M. Maffei, Dynamic types for authentication, Journal of Computer Security 15(6) (2007), 563-617.
27. M. Burrows, M. Abadi and R. Needham, A logic of authentication, Proceedings of the Royal Society of London A 426 (1989), 233-271. (A preliminary version appeared as Digital Equipment Corporation Systems Research Center Report No. 39, February 1989.)
28. Y. Chevalier, R. Küsters, M. Rusinowitch and M. Turuani, Deciding the security of protocols with Diffie-Hellman exponentiation and products in exponents, in: FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science, 23rd Conference, Mumbai, India, December 2003, P.K. Pandya and J. Radhakrishnan, eds, Lecture Notes on Computer Science, Vol. 2914, Springer, 2003, pp. 124-135.
29. Y. Chevalier, R. Küsters, M. Rusinowitch and M. Turuani, An NP decision procedure for protocol insecurity with XOR, Theoretical Computer Science 338(1-3) (2005), 247-274.
30. J. Clark and J. Jacob, A survey of authentication protocol literature: Version 1.0, Technical report, Department of Computer Science, University of York, November 1997.
31. E. Cohen, First-order verification of cryptographic protocols, Journal of Computer Security 11(2) (2003), 189-216.
32. H. Comon-Lundh and V. Shmatikov, Intruder deductions, constraint solving and insecurity decision in presence of exclusive or, in: Symposium on Logic in Computer Science (LICS'03), Ottawa, ON, Canada, June 2003, IEEE Computer Society, 2003, pp. 271-280.
33. V. Cortier, J. Millen and H. Rueß, Proving secrecy is easy enough, in: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, NS, Canada, June 2001, IEEE Computer Society, 2001, pp. 97-108.
34. C.J.F. Cremers, Scyther - Semantics and verification of security protocols, PhD dissertation, Eindhoven University of Technology, November 2006.
35. A. Datta, A. Derek, J.C. Mitchell and D. Pavlovic, A derivation system and compositional logic for security protocols, Journal of Computer Security 13(3) (2005), 423-482.
36. H. de Nivelle, Ordering refinements of resolution, PhD thesis, Technische Universiteit Delft, October 1995.
37. M. Debbabi, M. Mejri, N. Tawbi and I. Yahmadi, A new algorithm for the automatic verification of authentication protocols: From specifications to flaws and attack scenarios, in: DIMACS Workshop on Design and Formal Verification of Security Protocols, Rutgers University, New Jersey, September 1997.
38. D.E. Denning and G.M. Sacco, Timestamps in key distribution protocols, Commun. ACM 24(8) (1981), 533-536.
39. W. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory IT-22(6) (1976), 644-654.
40. D. Dolev and A.C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory IT-29(12) (1983), 198-208.
41. A. Durante, R. Focardi and R. Gorrieri, CVS at work: A report on new failures upon some cryptographic protocols, in: Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS'01), St. Petersburg, Russia, May 2001, V. Gorodetski, V. Skormin and L. Popyack, eds, Lecture Notes on Computer Science, Vol. 2052, Springer, 2001, pp. 287-299.
42. N. Durgin, P. Lincoln, J.C. Mitchell and A. Scedrov, Multiset rewriting and the complexity of bounded security protocols, Journal of Computer Security 12(2) (2004), 247-311.
43. S. Escobar, C. Meadows and J. Meseguer, A rewriting-based inference system for the NRL protocol analyzer and its meta-logical properties, Theoretical Computer Science 367(1/2) (2006), 162-202.
44. S. Escobar, C. Meadows and J. Meseguer, Equational cryptographic reasoning in the Maude-NRL protocol analyzer, Electronic Notes in Theoretical Computer Science 171(4) (2007), 23-36.
45. F.J.T. Fábrega, J.C. Herzog and J.D. Guttman, Strand spaces: Proving security protocols correct, Journal of Computer Security 7(2/3) (1999), 191-230.
46. A. Gordon, personal communication.
47. A. Gordon and A. Jeffrey, Typing one-to-one and one-to-many correspondences in security protocols, in: Software Security - Theories and Systems, Mext-NSF-JSPS International Symposium, ISSS 2002, Tokyo, Japan, November 2002, M. Okada, B. Pierce, A. Scedriv, H. Tokuda and A. Yonezawa, eds, Lecture Notes on Computer Science, Vol. 2609, Springer, 2002, pp. 263-282.
48. A. Gordon and A. Jeffrey, Authenticity by typing for security protocols, Journal of Computer Security 11(4) (2003), 451-521.
49. A. Gordon and A. Jeffrey, Types and effects for asymmetric cryptographic protocols, Journal of Computer Security 12(3/4) (2004), 435-484.
50. J. Goubault-Larrecq, M. Roger and K.N. Verma, Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically, Journal of Logic and Algebraic Programming 64(2) (2005), 219-251.
51. J.D. Guttman and F.J.T. Fábrega, Authentication tests and the structure of bundles, Theoretical Computer Science 283(2) (2002), 333-380.
52. J. Heather, G. Lowe and S. Schneider, How to prevent type flaw attacks on security protocols, in: 13th IEEE Computer Security Foundations Workshop (CSFW-13), Cambridge, England, July 2000, pp. 255-268.
53. J. Heather and S. Schneider, A decision procedure for the existence of a rank function, Journal of Computer Security 13(2) (2005), 317-344.
54. H. Krawczyk, SKEME: A versatile secure key exchange mechanism for internet, in: Internet Society Symposium on Network and Distributed Systems Security, February 1996; available at: http://bilbo.isu.edu/sndss/sndss96. html.
55. G. Lowe, Breaking and fixing the Needham-Schroeder public-key protocol using FDR, in: Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes on Computer Science, Vol. 1055, Springer, 1996, pp. 147-166.
56. G. Lowe, A hierarchy of authentication specifications, in: 10th Computer Security Foundations Workshop (CSFW '97), Rockport, MA, June 1997, IEEE Computer Society, 1997, pp. 31-43.
57. C. Lynch, Oriented equational logic programming is complete, Journal of Symbolic Computation 21(1) (1997), 23-45.
58. C.A. Meadows, The NRL protocol analyzer: An overview, Journal of Logic Programming 26(2) (1996), 113-131.
59. C. Meadows and P. Narendran, A unification algorithm for the group Diffie-Hellman protocol, in: Workshop on Issues in the Theory of Security (WITS'02), Portland, OR, January 2002.
60. J. Millen and V. Shmatikov, Symbolic protocol analysis with an abelian group operator or DiffieHellman exponentiation, Journal of Computer Security 13(3) (2005), 515-564.
61. J.C. Mitchell, M. Mitchell and U. Stern, Automated analysis of cryptographic protocols using Mur., in: 1997 IEEE Symposium on Security and Privacy, 1997, pp. 141-151.
62. R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Commun. ACM 21(12) (1978), 993-999.
63. R.M. Needham and M.D. Schroeder, Authentication revisited, Operating Systems Review 21(1) (1987), 7.
64. D. Otway and O. Rees, Efficient and timely mutual authentication, Operating Systems Review 21(1) (1987), 8-10.
65. L.C. Paulson, The inductive approach to verifying cryptographic protocols, Journal of Computer Security 6(1/2) (1998), 85-128.
66. A.W. Roscoe and P.J. Broadfoot, Proving security protocols with model checkers by data independence techniques, Journal of Computer Security 7(2/3) (1999), 147-190.
67. M. Rusinowitch and M. Turuani, Protocol insecurity with finite number of sessions is NP-complete, Theoretical Computer Science 299(1-3) (2003), 451-475.
68. D.X. Song, S. Berezin and A. Perrig, Athena: a novel approach to efficient automatic security protocol analysis, Journal of Computer Security 9(1/2) (2001), 47-74.
69. P. Syverson, A taxonomy of replay attacks, in: 7th IEEE Computer Security Foundations Workshop (CSFW-94), Franconia, NH, June 1994, IEEE Computer Society, 1994, pp. 131-136.
70. P. Syverson and C. Meadows, A formal language for cryptographic protocol requirements, Designs, Codes, and Cryptography 7(1/2) (1996), 27-59.
71. C. Weidenbach, Towards an automatic analysis of security protocols in first-order logic, in: 16th International Conference on Automated Deduction (CADE-16), Trento, Italy, July 1999, H. Ganzinger, ed., Lecture Notes in Artificial Intelligence, Vol. 1632, Springer, 1999, pp. 314-328.
72. T.Y.C. Woo and S.S. Lam, Authentication for distributed systems, Computer 25(1) (1992), 39-52.
73. T.Y.C. Woo and S.S. Lam, A semantic model for authentication protocols, in: Proceedings IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1993, pp. 178-194.
74. T.Y.C. Woo and S.S. Lam, Authentication for distributed systems, in: Internet Besieged: Countering Cyberspace Scofflaws, October 1997, D. Denning and P. Denning, eds, ACM Press and Addison-Wesley, 1997, pp. 319-355.