Using horn clauses for analyzing security protocols

Cryptology and Information Security Series

Volumn 5, Issue , 2011, Pages 86-111

  Blanchet, Bruno ^a  

^a ECOLE NORMALE SUPÉRIEURE   (France)

Author keywords

Automatic verification; Horn clauses; secrecy; security protocols

Indexed keywords

LOGIC PROGRAMMING;

ABSTRACT REPRESENTATION; AUTOMATIC VERIFICATION; CRYPTOGRAPHIC PRIMITIVES; HORN CLAUSE; PROCESS EQUIVALENCE; SECRECY; SECURITY PROPERTIES; SECURITY PROTOCOLS;

NETWORK SECURITY;

EID: 84865448973     PISSN: 18716431     EISSN: 18798101     Source Type: Book Series    
DOI: 10.3233/978-1-60750-714-7-86     Document Type: Article

References (88)

1. M. Abadi. Security protocols and their properties. In Foundations of Secure Computation, NATO Science Series, pages 39-60. IOS Press, 2000.
2. M. Abadi and B. Blanchet. Secrecy types for asymmetric communication. In Foundations of Software Science and Computation Structures (FoSSaCS 2001), volume 2030 of LNCS, pages 25-41. Springer, Apr. 2001.
3. M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. Journal of the ACM, 52(1):102-146, Jan. 2005.
4. M. Abadi and B. Blanchet. Computer-assisted verification of a protocol for certified email. Science of Computer Programming, 58(1-2):3-27, Oct. 2005. Special issue SAS'03.
5. M. Abadi, B. Blanchet, and C. Fournet. Just Fast Keying in the pi calculus. ACM Transactions on Information and System Security (TISSEC), 10(3):1-59, July 2007.
6. M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In 28th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'01), pages 104-115. ACM Press, Jan. 2001.
7. M. Abadi, N. Glew, B. Horne, and B. Pinkas. Certified email with a light on-line trusted third party: Design and implementation. In 11th International World Wide Web Conference, pages 387-395. ACM Press, May 2002.
8. M. Abadi and A. D. Gordon. A calculus for cryptographic protocols: The spi calculus. Information and Computation, 148(1):1-70, Jan. 1999.
9. M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6-15, Jan. 1996.
10. W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, K. Keromytis, and O. Reingold. Just Fast Keying: Key agreement in a hostile Internet. ACM Transactions on Information and System Security, 7(2):242-273, May 2004.
11. X. Allamigeon and B. Blanchet. Reconstruction of attacks against cryptographic protocols. In 18th IEEE Computer Security Foundations Workshop (CSFW-18), pages 140-154. IEEE, June 2005.
12. R. Anderson and R. Needham. Programming Satan's computer. In Computer Science Today: Recent Trends and Developments, volume 1000 of LNCS, pages 426-440. Springer, 1995.
13. M. Arapinis and M. Duflot. Bounding messages for free in security protocols. In 27th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS'07), volume 4855 of LNCS, pages 376-387. Springer, Dec. 2007.
14. L. Bachmair and H. Ganzinger. Resolution theorem proving. In Handbook of Automated Reasoning, volume 1, chapter 2, pages 19-100. North Holland, 2001.
15. M. Backes, A. Cortesi, and M. Maffei. Causality-based abstraction of multiplicity in security protocols. In 20th IEEE Computer Security Foundations Symposium (CSF'07), pages 355-369. IEEE, July 2007.
16. M. Backes, C. Hritcu, and M. Maffei. Automated verification of electronic voting protocols in the applied pi-calculus. In 21st IEEE Computer Security Foundations Symposium (CSF'08), pages 195-209. IEEE Computer Society, June 2008.
17. M. Backes, M. Maffei, and D. Unruh. Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In 29th IEEE Symposium on Security and Privacy, pages 202-215. IEEE, May 2008.
18. S. M. Bellovin and M. Merritt. Encrypted Key Exchange: Password-based protocols secure against dictionary attacks. In Proceedings of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pages 72-84, May 1992.
19. S. M. Bellovin and M. Merritt. Augmented Encrypted Key Exchange: a password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the First ACM Conference on Computer and Communications Security, pages 244-250, Nov. 1993.
20. K. Bhargavan, R. Corin, C. Fournet, and A. Gordon. Secure sessions for web services. In ACM Workshop on Secure Web Services (SWS'04), Oct. 2004.
21. K. Bhargavan, R. Corin, C. Fournet, and E. Zǎlinescu. Cryptographically verified implementations for TLS. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS'08), pages 459-468. ACM, Oct. 2008.
22. K. Bhargavan, C. Fournet, and A. Gordon. Verifying policy-based security for web services. In ACM Conference on Computer and Communications Security (CCS'04), pages 268-277. ACM, Oct. 2004.
23. K. Bhargavan, C. Fournet, and A. Gordon. Verified reference implementations of WS-Security protocols. In 3rd International Workshop on Web Services and Formal Methods (WS-FM 2006), volume 4184 of LNCS, pages 88-106. Springer, Sept. 2006.
24. K. Bhargavan, C. Fournet, A. Gordon, and N. Swamy. Verified implementations of the information card federated identity-management protocol. In ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), pages 123-135. ACM, Mar. 2008.
25. K. Bhargavan, C. Fournet, A. Gordon, and S. Tse. Verified interoperable implementations of security protocols. In 19th IEEE Computer Security Foundations Workshop (CSFW'06), pages 139-152. IEEE Computer Society, July 2006.
26. K. Bhargavan, C. Fournet, A. D. Gordon, and R. Pucella. TulaFale: A security tool for web services. In Formal Methods for Components and Objects (FMCO 2003), volume 3188 of LNCS, pages 197-222. Springer, Nov. 2003. Paper and tool available at http://securing.ws/.
27. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82-96. IEEE Computer Society, June 2001.
28. B. Blanchet. Automatic proof of strong secrecy for security protocols. In IEEE Symposium on Security and Privacy, pages 86-100, May 2004.
29. B. Blanchet. Security protocols: From linear to classical logic by abstract interpretation. Information Processing Letters, 95(5):473-479, Sept. 2005.
30. B. Blanchet. Automatic verification of correspondences for security protocols. Report arXiv:0802.3444v1, 2008. Available at http://arxiv.org/abs/ 0802.3444v1.
31. B. Blanchet. Vérification automatique de protocoles cryptographiques: modèle formel et modèle calculatoire. Mémoire d'habilitation à diriger des recherches, Université Paris-Dauphine, Nov. 2008.
32. B. Blanchet. Automatic verification of correspondences for security protocols. Journal of Computer Security, 17(4):363-434, July 2009.
33. B. Blanchet, M. Abadi, and C. Fournet. Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming, 75(1):3-51, Feb.-Mar. 2008.
34. B. Blanchet and A. Chaudhuri. Automated formal analysis of a protocol for secure file sharing on untrusted storage. In IEEE Symposium on Security and Privacy, pages 417-431. IEEE, May 2008.
35. B. Blanchet and A. Podelski. Verification of cryptographic protocols: Tagging enforces termination. Theoretical Computer Science, 333(1-2):67-90, Mar. 2005. Special issue FoSSaCS'03.
36. C. Bodei. Security Issues in Process Calculi. PhD thesis, Università di Pisa, Jan. 2000.
37. C. Bodei, M. Buchholtz, P. Degano, F. Nielson, and H. R. Nielson. Static validation of security protocols. Journal of Computer Security, 13(3):347-390, 2005.
38. C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Control flow analysis for the Π-calculus. In International Conference on Concurrency Theory (CONCUR'98), volume 1466 of LNCS, pages 84-98. Springer, Sept. 1998.
39. Y. Boichut, N. Kosmatov, and L. Vigneron. Validation of prouvé protocols using the automatic tool TA4SP. In Proceedings of the Third Taiwanese-French Conference on Information Technology (TFIT 2006), pages 467-480, Mar. 2006.
40. D. Bolignano. Towards a mechanization of cryptographic protocol verification. In 9th International Conference on Computer Aided Verification (CAV'97), volume 1254 of LNCS, pages 131-142. Springer, 1997.
41. L. Bozga, Y. Lakhnech, and M. Périn. Pattern-based abstraction for verifying secrecy in protocols. International Journal on Software Tools for Technology Transfer (STTT), 8(1):57-76, Feb. 2006.
42. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233-271, 1989.
43. R. Canetti and J. Herzog. Universally composable symbolic analysis of mutual authentication and key exchange protocols. In Proceedings, Theory of Cryptography Conference (TCC'06), volume 3876 of LNCS, pages 380-403. Springer, Mar. 2006.
44. L. Cardelli, G. Ghelli, and A. D. Gordon. Secrecy and group creation. In CONCUR 2000: Concurrency Theory, volume 1877 of LNCS, pages 365-379. Springer, Aug. 2000.
45. Y. Chevalier, R. Küsters, M. Rusinowitch, and M. Turuani. Deciding the security of protocols with Diffie-Hellman exponentiation and products in exponents. In FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science, 23rd Conference, volume 2914 of LNCS, pages 124-135. Springer, Dec. 2003.
46. Y. Chevalier, R. Küsters, M. Rusinowitch, and M. Turuani. An NP decision procedure for protocol insecurity with XOR. Theoretical Computer Science, 338(1-3):247-274, June 2005.
47. H. Comon-Lundh and V. Cortier. New decidability results for fragments of first-order logic and application to cryptographic protocols. In 14th Int. Conf. Rewriting Techniques and Applications (RTA'2003), volume 2706 of LNCS, pages 148-164. Springer, June 2003.
48. H. Comon-Lundh and V. Cortier. Security properties: two agents are sufficient. In Programming Languages and Systems: 12th European Symposium on Programming (ESOP'03), volume 2618 of LNCS, pages 99-113. Springer, Apr. 2003.
49. H. Comon-Lundh and V. Shmatikov. Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In Symposium on Logic in Computer Science (LICS'03), pages 271-280. IEEE Computer Society, June 2003.
50. P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In 6th Annual ACM Symposium on Principles of Programming Languages, pages 269-282, 29-31 Jan. 1979.
51. H. de Nivelle. Ordering Refinements of Resolution. PhD thesis, Technische Universiteit Delft, Oct. 1995.
52. G. Denker, J. Meseguer, and C. Talcott. Protocol specification and analysis in Maude. In Workshop on Formal Methods and Security Protocols, 25 June 1998.
53. D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols. Commun. ACM, 24(8):533-536, Aug. 1981.
54. W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654, Nov. 1976.
55. D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(12):198-208, Mar. 1983.
56. N. Durgin, P. Lincoln, J. C. Mitchell, and A. Scedrov. Multiset rewriting and the complexity of bounded security protocols. Journal of Computer Security, 12(2):247-311, 2004.
57. S. Escobar, C. Meadows, and J. Meseguer. A rewriting-based inference system for the NRL protocol analyzer and its meta-logical properties. Theoretical Computer Science, 367(1-2):162-202, 2006.
58. G. Filé and R. Vigo. Expressive power of definite clauses for verifying authenticity. In 22nd IEEE Computer Security Foundations Symposium (CSF'09), pages 251-265. IEEE, July 2009.
59. T. Genet and F. Klay. Rewriting for cryptographic protocol verification. In 17th International Conference on Automated Deduction (CADE-17), volume 1831 of LNCS, pages 271-290. Springer, June 2000.
60. J. C. Godskesen. Formal verification of the ARAN protocol using the applied pi-calculus. In 6th International IFIP WG 1.7 Workshop on Issues in the Theory of Security (WITS'06), pages 99-113, Mar. 2006.
61. A. Gordon and A. Jeffrey. Authenticity by typing for security protocols. Journal of Computer Security, 11(4):451-521, 2003.
62. J. Goubault-Larrecq. A method for automatic cryptographic protocol verification (extended abstract), invited paper. In Fifth International Workshop on Formal Methods for Parallel Programming: Theory and Applications (FMPPTA'2000), volume 1800 of LNCS, pages 977-984. Springer, May 2000.
63. 1 by resolution. Information Processing Letters, 95(3):401-408, Aug. 2005.
64. J. Goubault-Larrecq and F. Parrennes. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), volume 3385 of LNCS, pages 363-379. Springer, Jan. 2005.
65. J. Goubault-Larrecq, M. Roger, and K. N. Verma. Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically. Journal of Logic and Algebraic Programming, 64(2):219-251, Aug. 2005.
66. J. Heather, G. Lowe, and S. Schneider. How to prevent type flaw attacks on security protocols. In 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 255-268, July 2000.
67. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. Plutus: Scalable secure file sharing on untrusted storage. In 2nd Conference on File and Storage Technologies (FAST'03), pages 29-42. Usenix, Apr. 2003.
68. H. Khurana and H.-S. Hahm. Certified mailing lists. In Proceedings of the ACM Symposium on Communication, Information, Computer and Communication Security (ASIACCS'06), pages 46-58. ACM, Mar. 2006.
69. H. Krawczyk. SKEME: A versatile secure key exchange mechanism for Internet. In Internet Society Symposium on Network and Distributed Systems Security, Feb. 1996.
70. S. Kremer and M. D. Ryan. Analysis of an electronic voting protocol in the applied pi calculus. In Programming Languages and Systems: 14th European Symposium on Programming, ESOP 2005, volume 3444 of LNCS, pages 186-200. Springer, Apr. 2005.
71. R. Küsters and T. Truderung. Reducing protocol analysis with XOR to the XOR-free case in the Horn theory based approach. In Proceedings of the 15th ACM conference on Computer and communications security (CCS'08), pages 129-138. ACM, Oct. 2008.
72. R. Küsters and T. Truderung. Using ProVerif to analyze protocols with Diffie-Hellman exponentiation. In 22nd IEEE Computer Security Foundations Symposium (CSF'09), pages 157-171. IEEE, July 2009.
73. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of LNCS, pages 147-166. Springer, 1996.
74. K. D. Lux, M. J. May, N. L. Bhattad, and C. A. Gunter. WSEmail: Secure internet messaging based on web services. In International Conference on Web Services (ICWS'05), pages 75-82. IEEE Computer Society, July 2005.
75. C. Lynch. Oriented equational logic programming is complete. Journal of Symbolic Computation, 21(1):23-45, 1997.
76. C. Meadows and P. Narendran. A unification algorithm for the group Diffie-Hellman protocol. In Workshop on Issues in the Theory of Security (WITS'02), Jan. 2002.
77. C. A. Meadows. The NRL protocol analyzer: An overview. Journal of Logic Programming, 26(2):113-131, 1996.
78. J. Millen and V. Shmatikov. Symbolic protocol analysis with an abelian group operator or Diffie-Hellman exponentiation. Journal of Computer Security, 13(3):515-564, 2005.
79. J. K. Millen, S. C. Clark, and S. B. Freedman. The Interrogator: Protocol security analysis. IEEE Transactions on Software Engineering, SE-13(2):274-288, Feb. 1987.
80. D. Monniaux. Abstracting cryptographic protocols with tree automata. Science of Computer Programming, 47(2-3):177-202, 2003.
81. R. M. Needham and M. D. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999, Dec. 1978.
82. R. M. Needham and M. D. Schroeder. Authentication revisited. Operating Systems Review, 21(1):7, 1987.
83. D. Otway and O. Rees. Efficient and timely mutual authentication. Operating Systems Review, 21(1):8-10, 1987.
84. L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2):85-128, 1998.
85. R. Ramanujam and S. Suresh. Tagging makes secrecy decidable with unbounded nonces as well. In FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science, volume 2914 of LNCS, pages 363-374. Springer, Dec. 2003.
86. C. Weidenbach. Towards an automatic analysis of security protocols in first-order logic. In 16th International Conference on Automated Deduction (CADE-16), volume 1632 of Lecture Notes in Artificial Intelligence, pages 314-328. Springer, July 1999.
87. T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. Computer, 25(1):39-52, Jan. 1992.
88. T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. In Internet Besieged: Countering Cyberspace Scofflaws, pages 319-355. ACM Press and Addison-Wesley, Oct. 1997.