Finite models for formal security proofs

Journal of Computer Security

Volumn 18, Issue 6, 2010, Pages 1247-1299

  Goubault Larrecq, Jean ^a  

^a UNIVERSITÉ PARIS SACLAY   (France)

Author keywords

Dolev Yao model; finite model; formal security proof; H 1; inductionless induction; tree automaton

Indexed keywords

DOLEV-YAO MODEL; FINITE MODEL; FORMAL SECURITY; H-1; INDUCTIONLESS INDUCTION; TREE AUTOMATA;

CRYPTOGRAPHY; INSTRUMENT TESTING; NETWORK PROTOCOLS; NETWORK SECURITY;

MODEL CHECKING;

EID: 77957127463     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2009-0395     Document Type: Article

References (86)

1. M. Abadi, Secrecy by typing in security protocols, Journal of the ACM 46(5) (1999), 749-786.
2. M. Abadi and B. Blanchet, Analyzing security protocols with secrecy types and logic programs, Journal of the ACM 52(1) (2005), 102-146.
3. M. Abadi and C. Fournet, Mobile values, new names, and secure communication, SIGPLAN Notices 36(3) (2001), 104-115.
4. M. Abadi and A.D. Gordon, A calculus for cryptographic protocols, Information and Computation 148(1) (1999), 1-70.
5. W. Aiello, S.M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A.D. Keromytis and O. Reingold, Just fast keying: Key agreement in a hostile Internet, ACM Transactions on Information and System Security 7(2) (2004), 1-30.
6. R. Amadio and W. Charatonik, On name generation and set-based analysis in the Dolev-Yao model, in: Proc. 13th International Conference on Concurrency Theory (CONCUR'02), Brno, Czeck Re-publik, Lecture Notes in Computer Science, Vol. 2421, Springer-Verlag, 2002, pp. 499-514.
7. AVISPA - automated validation of Internet security protocols and applications, 2006, available at: http://avispa-project.org/.
8. L. Bachmair and H. Ganzinger, Resolution theorem proving, in: Handbook of Automated Reasoning, J.A. Robinson and A. Voronkov, eds, North-Holland, Amsterdam, 2001, pp. 19-99.
9. L. Bachmair, H. Ganzinger and U. Waldmann, Set constraints are the monadic class, in: Proc. 8th Annual IEEE Symposium on Logic in Computer Science (LICS'93), Montreal, QC, Canada, IEEE Computer Society Press, 1993, pp. 75-83.
10. P. Baumgartner, A. Fuchs, H. de Nivelle and C. Tinelli, Computing finite models by reduction to function-free clause logic, Journal of Applied Logic 7(1) (2009), 58-74.
11. S.M. Bellovin and M. Merritt, Encrypted key exchange: Password-based protocols secure against dictionary attacks, in: Proc. 13th IEEE Symp. Research in Security and Privacy (S&P'93), Oakland, CA, May 1992, IEEE Computer Society Press, 1992, pp. 72-84.
12. Y. Bertot and P. Castéran, Interactive Theorem Proving and Program Development Coq'Art: The Calculus of Inductive Constructions, Texts in Theoretical Computer Science, An EATCS Series, Vol. XXV, Springer-Verlag, 2004, pp. 1-469.
13. K. Bhargavan, C. Fournet, A.D. Gordon and A.R. Pucella, Tulafale: A security tool for web services, in: Proc. 2nd International Symposium on Formal Methods for Components and Objects (FMCO'03), Leiden, The Netherlands, Lecture Notes in Computer Science, Vol. 3188, Springer-Verlag, 2004, pp. 197-222. (Pubitemid 39749529)
14. B. Blanchet, An efficient cryptographic protocol verifier based on prolog rules, in: Proc. 14th IEEE Computer Security Foundations Workshop (CSFW'01), Cape Breton, NS, Canada, IEEE Computer Society Press, 2001, pp. 82-96.
15. B. Blanchet, An automatic security protocol verifier based on resolution theorem proving (invited tutorial), in: Proc. 20th International Conference on Automated Deduction (CADE-20), Tallinn, Estonia, July 2005, R. Nieuwenhuis, ed., LNAI, Vol. 3632, Springer-Verlag, 2005.
16. B. Blanchet, M. Abadi and C. Fournet, Automated verification of selected equivalences for security protocols, Journal of Logic and Algebraic Programming 75(1) (2008), 3-51.
17. D. Bolignano, An approach to the formal verification of cryptographic protocols, in: Proc. 3rd ACM Conference on Computer and Communications Security (CCS'96), New Delhi, India, March 1996, ACM Press, 1996.
18. J. Bull and D.J. Otway, The authentication protocol, Technical Report DRA/CIS3/PROJ/CORBA/ SC/1/CSM/436-04/03, Defence Research Agency, Malvern, UK, 1997.
19. M. Burrows, M. Abadi and R. Needham, A logic of authentication, Proceedings of the Royal Society 426(1871) (1989), 233-271.
20. R. Chadha, S. Kremer and A. Scedrov, Formal analysis of multi-party contract signing, Journal of Automated Reasoning 36(1,2) (2006), 39-83.
21. K. Claessen and N. Sörensson, New techniques that improve MACE-style finite model building, in: Proc. CADE-19 Workshop W4, P. Baumgartner, ed., Miami, FL, July 2003.
22. J.A. Clark and J.L. Jacob, A survey of authentication protocol literature, v1.0, 1997, available at: http://citeseer.ist.psu.edu/clark97survey. html.
23. K.L. Clark, Negation as failure, in: Readings in Nonmonotonic Reasoning, M.L. Ginsberg, ed., Morgan Kaufmann Publishers, San Francisco, CA, 1987, pp. 311-325.
24. H. Comon, Inductionless induction, in: Handbook of Automated Reasoning, J.A. Robinson and A. Voronkov, eds, North-Holland, Amsterdam, 2001, pp. 913-962.
25. H. Comon, M. Dauchet, R. Gilleron, F. Jacquemard, D. Lugiez, S. Tison and M. Tommasi, Tree automata techniques and applications, 1997, available at: www.grappa.univ-lille3.fr/tata (version of September 6, 2005).
26. H. Comon and R. Nieuwenhuis, Induction = i-axiomatization + first-order consistency, Information and Computation 159(1,2) (2000), 151-186.
27. H. Comon-Lundh and V. Cortier, Security properties: Two agents are sufficient, Science of Computer Programming 50(1-3) (2004), 51-71.
28. R. Corin, S. Malladi, J. Alves-Foss and S. Etalle, Guess what? Here is a new tool that finds some new guessing attacks, in: Proc. IFIP WG 1.7, ACM SIGPLAN and GI FoMSESS Workshop on Issues in the Theory of Security (WITS'03), R. Gorrieri and R. Lucchi, eds, Warsaw, Poland, April 2003, pp. 62-71.
29. V. Cortier, S. Delaune and P. Lafourcade, A survey of algebraic properties used in cryptographic protocols, Journal of Computer Security 14(1) (2006), 1-43.
30. V. Cortier, S. Delaune and G. Steel, A formal theory of key conjuring, in: Proc. 20th IEEE Computer Security Foundations Symposium (CSF'07), Venice, Italy, July 2007, IEEE Computer Society Press, 1997, pp. 79-93.
31. V. Cortier, M. Rusinowitch and E. Zǎlinescu, Relating two standard notions of secrecy, Logical Methods in Computer Science 3(2,3) (2007), 1-29.
32. A. Dawar, Model-checking first-order logic: Automata and locality, in: Proc. 21st International Workshop on Computer Science Logic, 16th Annual Conference of the EACSL (CSL'07), J. Duparc and T.A. Henzinger, eds, Lausanne, Switzerland, September 2007, Lecture Notes in Computer Science, Vol. 4646, Springer-Verlag, 2007, p. 6.
33. D.E. Denning and G.M. Sacco, Timestamps in key distribution protocols, Communications of the ACM 24(8) (1981), 533-536.
34. P. Devienne, P. Lebègue, A. Parrain, J.-C. Routier and J. Würtz, Smallest Horn clause programs, Journal of Logic Programming 27(3) (1994), 227-267.
35. W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22(6) (1976), 644-654.
36. D. Dolev and A.C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory 29(2) (1983), 198-208.
37. N. Durgin, P. Lincoln, J. Mitchell and A. Scedrov, Undecidability of bounded security protocols. in: Proc. Workshop on Formal Methods and Security Protocols (FMSP'99), N. Heintze and E. Clarke, eds, Trento, Italy, July 1999.
38. T. Frühwirth, E. Shapiro, M.Y. Vardi and E. Yardeni, Logic programs as types for logic programs, in: Proc. 6th Annual IEEE Symposium Logic in Computer Science (LICS'91), Amsterdam, The Netherlands, IEEE Computer Society Press, 1991, pp. 300-309.
39. L. Gong, Using one-way functions for authentication, Computer Communication Review 19(5) (1989), 8-11.
40. J. Goubault-Larrecq, The h1 Tool Suite, LSV, ENS Cachan, CNRS, INRIA project SECSI, 2003, available at: http://www.lsv.ens-cachan.fr/ goubault/H1.dist/dh1index.html.
41. J. Goubault-Larrecq, Une fois qu'on n'a pas trouvé de preuve, comment le faire comprendre à un assistant de preuve?, in: Actes des 15èmes Journées Francophones sur les Langages Applicatifs (JFLA'04), V. Ménissier-Morain, ed., INRIA, Sainte-Marie-de-Ré, France, January 2004, pp. 1-40 (invited paper).
42. 1 by resolution, Information Processing Letters 95(3) (2005), 401-408.
43. J. Goubault-Larrecq, Towards producing formally checkable security proofs, automatically, in: Proc. 21st IEEE Computer Security Foundations Symposium (CSF'08), Pittsburg, PA, USA, IEEE Computer Society Press, 2008, pp. 224-238.
44. J. Goubault-Larrecq and F. Parrennes, Cryptographic protocol analysis on real C code, in: Proc. 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), Paris, France, January 2005, R. Cousot, ed., Lecture Notes in Computer Science, Vol. 3385, Springer-Verlag, 2005, pp. 363-379.
45. J. Goubault-Larrecq, M. Roger and K.N. Verma, Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically, Journal of Logic and Algebraic Programming 64(2) (2005), 219-251.
46. M. Hellman, A cryptanalytic time-memory tradeoff, IEEE Transactions on Information Theory 26 (1980), 401-406.
47. M. Hofmann, A simple model for quotient types, in: Proc. 2nd Intl. Conf. Typed Lambda Calculi and Applications (TLCA'95), Edinburgh, UK, April 1995, M. Dezani-Ciancaglini and G.D. Plotkin, eds, Lecture Notes in Computer Science, Vol. 902, Springer-Verlag, pp. 216-234.
48. P.V. Homeier, Quotient types, in: Supplemental Proceedings, 14th International Conference on Theorem Proving in Higher Order Logics (TPHOLs'01), R.J. Boulton and P.B. Jackson, eds, Number EDI-INF-RR-0046 in Informatics Report Series, Division of Informatics, University of Edinburgh, September 2001, pp. 191-206, available at: http://www.inf.ed.ac.uk/publications/report/0046.html.
49. A. Huima, Efficient infinite-state analysis of security protocols, in: Proc. Workshop on Formal Methods and Security Protocols (FMSP'99), Trento, Italy, July 1999.
50. Information technology - security techniques - evaluation criteria for IT security, ISO/IEC 15408 Standard, parts 1-3, 2005, available at: http://standards.iso.org/ittf/PubliclyAvailableStandards/ index.html.
51. R. Janvier, Y. Lakhnech and L. Mazaré, Relating the symbolic and computational models of security protocols using hashes, in: Proc. Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA'06), P. Degano, R. Küsters, L. Viganò and S. Zdancewic, eds, Seattle, Washington, USA, August 2006, pp. 67-89, available at: http://www.easychair.org/FLoC-06/fcs-arspa06.pdf.
52. I.L.K. Kao and R. Chow, An efficient and secure authentication protocol using uncertified keys, Operating Systems Review 29(3) (1995), 14-21.
53. D. Kapur and D.R. Musser, Proof by consistency, Artificial Intelligence 31 (1987), 125-157.
54. D.C. Kozen, Automata and Computability, Undergraduate Texts in Computer Science, Springer-Verlag, 1997.
55. H. Krawczyk, SKEME: A versatile secure key exchange mechanism for Internet, in: Proc. 4th Internet Society Symposium on Network and Distributed Systems Security (SNDSS'96), San Diego, CA, USA, IEEE Computer Society Press, 1996, pp. 114-127.
56. S. Kremer, Computational soundness of equational theories (tutorial), in: Proc. 3rd Symposium on Trustworthy Global Computing (TGC'07), Sophia-Antipolis, France, G. Barthe and C. Fournet, eds, Lecture Notes in Computer Science, Vol. 4912, Springer-Verlag, 2008, pp. 363-382.
57. R. Küsters and T. Trudering, On the automatic analysis of recursive security protocols with XOR, in: Proc. 24th Symposium on Theoretical Aspects of Computer Science (STACS'2007), Aachen, Germany, W. Thomas and P. Weil, eds, Lecture Notes in Computer Science, Vol. 4393, Springer-Verlag, 2007, pp. 646-657.
58. D.S. Lankford, A simple explanation of inductionless induction, Technical Report MTP-14, Math. Dept., Louisiana State University, 1981.
59. G. Lowe, An attack on the Needham-Schroeder public-key authentication protocol, Information Processing Letters 56(3) (1996), 131-133.
60. G. Lowe, A family of attacks upon authentication protocols, Technical Report 1997/5, Dept. Mathematics and Computer Science, Univ. Leicester, 1997.
61. J. Marcinkowski and L. Pacholski, Undecidability of the Horn clause implication problem. in: Proc. 33rd Annual Symposium on Foundations of Computer Science (FOCS'92), IEEE Computer Society Press, Pittsburgh, PA, 1992, pp. 354-362.
62. R. Matzinger, Computational representations of Herbrand models using grammars, Technical Report TR-WB-Mat-96-2, Technische Universität Wien, February 1997 (version 4.0).
63. W. McCune, Mace4 reference manual and guide, Technical Report ANL/MCS-TM-264, Argonne National Laboratory, 2003.
64. D. Micciancio and B. Warinschi, Soundness of formal encryption in the presence of active adversaries, in: Proc. 1st IACR Theory of Cryptography Conference (TCC'04), Cambridge, MA, February 2004, M. Naor, ed., Lecture Notes in Computer Science, Vol. 2951, Springer-Verlag, 2004, pp. 133-151.
65. D. Monniaux, Abstracting cryptographic protocols with tree automata, in: Proc. 6th International Static Analysis Symposium (SAS'99), Venecia, Italy, Lecture Notes in Computer Science, Vol. 1694, Springer-Verlag, 1999, pp. 149-163.
66. R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM 21(12) (1978), 993-999.
67. R.M. Needham and M.D. Schroeder, Authentication revisited, ACM SIGOPS Operating Systems Review 21(1) (1987), 7.
68. F. Nielson, H.R. Nielson and H. Seidl, Normalizable Horn clauses, strongly recognizable relations and Spi, in: Proc. 9th International Static Analysis Symposium (SAS'02), Madrid, Spain, Lecture Notes in Computer Science, Vol. 2477, Springer-Verlag, 2002, pp. 20-35.
69. D. Otway and O. Rees, Efficient and timely mutual authentication, ACM SIGOPS Operating Systems Review 21(1) (1987), 8-10.
70. L.C. Paulson, Isabelle: The next 700 theorem provers, in: Logic and Computer Science, P. Odifreddi, ed., The APIC Series, Vol. 31, Academic Press, 1990, pp. 361-386.
71. L.C. Paulson, Proving properties of security protocols by induction, in: Proc. 10th IEEE Computer Security Foundations Workshop (CSFW'97), IEEE Computer Society Press, Rockport, MA, 1997, pp. 70-83.
72. L.C. Paulson, Relations between secrets: Two formal analyses of the Yahalom protocol, Journal of Computer Security 9(3) (2001), 197-216.
73. O. Pereira and J.-J. Quisquater, A security analysis of the cliques protocols suites, in: Proc. 14th IEEE Computer Security Foundations Workshop (CSFW'01), Cape Breton, NS, Canada, IEEE Computer Society Press, 2001, pp. 73-81.
74. X. Rival and J. Goubault-Larrecq, Experiments with finite tree automata in Coq, in: Proc. 14th International Conference on Theorem Proving in Higher Order Logics (TPHOLs'01), Edinburgh, Scotland, UK, September 2001, R.J. Boulton and P.B. Jackson, eds, Lecture Notes in Computer Science, Vol. 2152, Springer-Verlag, 2001, pp. 362-377.
75. J.A. Robinson and A. Voronkov (eds), Handbook of Automated Reasoning, North-Holland, Amsterdam, 2001.
76. P.Y.A. Ryan and S.A. Schneider, An attack on a recursive authentication protocol: A cautionary tale, Information Processing Letters 65(1) (1998), 7-10.
77. P. Selinger, Models for an adversary-centric protocol logic, Electronic Notes in Theoretical Computer Science 55(1) (2001), 73-87.
78. SPORE - security protocols open repository, 2005, available at: http://www.lsv.ens-cachan.fr/spore/.
79. C. Sprenger, M. Backes, D. Basin, B. Pfitzmann and M. Waidner, Cryptographically sound theorem proving, in: Proc. 19th IEEE Computer Security Foundations Symposium Workshop (CSFW'06), IEEE Computer Society Press, Washington, DC, USA, 2006, pp. 153-166.
80. M. Steiner, G. Tsudik and M. Waidner, Key agreement in dynamic peer groups, IEEE Transactions on Parallel and Distributed Systems 11(8) (2000), 769-780.
81. T. Tammet, Resolution methods for decision problems and finite-model building, PhD thesis, Göteborg University, 1992.
82. F.J. Thayer Fábrega, J.C. Herzog and J.D. Guttman, Strand spaces: Proving security protocols correct, Journal of Computer Security 7(2,3) (1999), 191-230.
83. C. Weidenbach, Towards an automatic analysis of security protocols, in: Proc. 16th International Conference on Automated Deduction (CADE-16), Trento, Italy, July 1999, H. Ganzinger, ed., LNAI, Vol. 1632, Springer-Verlag, 1999, pp. 378-382.
84. C. Weidenbach, Combining superposition, sorts and splitting, in: Handbook of Automated Reasoning, J.A. Robinson and A. Voronkov, eds, North-Holland, Amsterdam, 2001, pp. 1965-2013.
85. C. Weidenbach, U. Brahm, T. Hillenbrand, E. Keen, C. Theobald and D. Topić, SPASS version 2.0, in: Proc. 18th International Conference on Automated Deduction (CADE'02), Copenhagen, Denmark, A. Voronkov, ed., LNAI, Vol. 2392, Springer-Verlag, 2002, pp. 275-279.
86. Writing for the TPHOLs community, Part of the guide for authors of TPHOL conferences (theorem proving in higher-order logics) since 1999, 1999, available at: http://www-sop.inria.fr/croap/ TPHOLs99/authors.html.