Efficient construction of machine-checked symbolic protocol security proofs

Journal of Computer Security

Volumn 21, Issue 1, 2013, Pages 41-87

  Meier, Simon ^a   Cremers, Cas ^a   Basin, David ^a  

^a ETH ZURICH   (Switzerland)

Author keywords

automatic proof generation; formal methods; Security protocols; theorem proving

Indexed keywords

AUTOMATIC PROOF GENERATION; AUTOMATIC PROOFS; EFFICIENT CONSTRUCTION; HUMAN-READABLE; INFERENCE RULES; INTERACTIVE THEOREM PROVER; ISABELLE/HOL; PROTOCOL SECURITY; PROTOCOL SPECIFICATIONS; SECURITY PROTOCOLS;

FORMAL METHODS; THEOREM PROVING;

NETWORK SECURITY;

EID: 84874349098     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2012-0455     Document Type: Article

References (43)

1. M. Arapinis and M. Duflot, Bounding messages for free in security protocols, in: Proceedings of the 27th International Conference on Foundations of Software Technology and Theoretical Computer Science, Lecture Notes in Computer Science, Vol. 4855, Springer, Berlin, 2007, pp. 376-387.
2. C. Ballarin, Interpretation of locales in Isabelle: theories and proof contexts, in: MKM, J.M. Borwein and W.M. Farmer, eds, Lecture Notes in Computer Science, Vol. 4108, Springer, Berlin, 2006, pp. 31-43.
3. G. Barthe, B. Grégoire, S. Heraud and S. Zanella Béguelin, Computer-aided security proofs for the working cryptographer, in: Advances in Cryptology-CRYPTO 2011, Lecture Notes in Computer Science, Vol. 6841, Springer, Berlin, 2011, pp. 71-90.
4. G. Barthe, B. Grégoire and S. Zanella Béguelin, Formal certification of code-based cryptographic proofs, in: Proc. 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM Press, New York, NY, 2009, pp. 90-101.
5. D. Basin, C. Cremers and S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication, in: Proc. 1st International Conference on Principles of Security and Trust, Held as Part of ETAPS'2012, Tallinn, Lecture Notes in Computer Science, Vol. 7215, Springer, Berlin, 2012, pp. 129-148.
6. G. Bella, Formal Correctness of Security Protocols (Information Security and Cryptography), Springer, New York, NY, 2007.
7. G. Bella, F. Massacci and L.C. Paulson, Verifying the SET purchase protocols, J. Autom. Reason. 36 (2006), 5-37.
8. G. Bella and L.C. Paulson, Kerberos version 4: inductive analysis of the secrecy goals, in: ESORICS, J.-J. Quisquater, Y. Deswarte, C. Meadows and D. Gollmann, eds, Lecture Notes in Computer Science, Vol. 1485, Springer, Berlin, 1998, pp. 361-375.
9. K. Bhargavan, C. Fournet and A.D. Gordon, Modular verification of security protocol code by typing, in: POPL, M.V. Hermenegildo and J. Palsberg, eds, ACM Press, New York, NY, 2010, pp. 445-456.
10. B. Blanchet, A computationally sound mechanized prover for security protocols, IEEE Transactions on Dependable and Secure Computing 5(4) (2008), 193-207.
11. B. Blanchet, Automatic verification of correspondences for security protocols, J. Comput. Secur. 17(4) (2009), 363-434.
12. F. Blanqui, An Isabelle formalization of protocol-independent secrecy with an application to ecommerce, CoRR, abs/cs/0610069, 2006, available at: http://arxiv.org/abs/cs/0610069.
13. A. Brucker and S. Mödersheim, Integrating automated and interactive protocol verification, in: Fo r-mal Aspects in Security and Trust, P. Degano and J. Guttman, eds, Lecture Notes in Computer Science, Vol. 5983, Springer, Berlin, 2010, pp. 248-262.
14. E. Cohen, First-order verification of cryptographic protocols, J. Comput. Secur. 11(2) (2003), 189-216.
15. C. Cremers, Unbounded verification, falsification and characterization of security protocols by pattern refinement, in: Proceedings of the 15th ACM Conference on Computer and Communications Security, ACM Press, New York, NY, 2008, pp. 119-128.
16. C. Cremers and S. Mauw, Operational semantics of security protocols, in: Proc. International Workshop on Scenarios: Models, Transformations and Tools, Dagstuhl Castle, Germany, S. Leue and T. Systä, eds, Revised Selected Papers, Lecture Notes in Computer Science, Vol. 3466, Springer, Berlin, 2005.
17. C. Cremers, S. Mauw and E. de Vink, Injective synchronisation: an extension of the authentication hierarchy, Theor. Comput. Sci. 367 (2006), 139-161.
18. S. Delaune, S. Kremer and G. Steel, Formal analysis of PKCS#11, in: Proceedings of the 21st IEEE Computer Security Foundations Symposium, Pittsburgh, PA, IEEE Computer Society, Los Alamitos, CA, 2008, pp. 331-344.
19. S.F. Doghmi, J.D. Guttman and F.J. Thayer, Searching for shapes in cryptographic protocols, in: TACAS, O. Grumberg and M. Huth, eds, Lecture Notes in Computer Science, Vol. 4424, Springer, Berlin, 2007, pp. 523-537.
20. N.A. Durgin, P. Lincoln and J.C. Mitchell, Multiset rewriting and the complexity of bounded security protocols, J. Comput. Secur. 12(2) (2004), 247-311.
21. N. Evans and S.A. Schneider, Verifying security protocols with PVS: widening the rank function approach, J. Log. Algebr. Program. 64(2) (2005), 253-284.
22. M.J.C. Gordon, Mechanizing programming logics in higher order logic, in: Current Trends in Hardware Verification and Automated Theorem Proving, G. Birtwistle and P.A. Subrahmanyam, eds, Springer, New York, 1989, pp. 387-439.
23. J. Goubault-Larrecq, Finite models for formal security proofs, J. Comput. Secur. 18(6) (2010), 1247-1299.
24. J.D. Guttman, Authentication tests and disjoint encryption: a design method for security protocols, J. Comput. Secur. 12 (2004), 409-433.
25. J. Heather, G. Lowe and S. Schneider, How to prevent type flaw attacks on security protocols, J. Comput. Secur. 11(2) (2003), 217-244.
26. International Organization for Standardization, Information technology-Security techniques-Entity Authentication-Part 1: General, 3rd edn, ISO/IEC 9798-1:2010, Genève, Switzerland, 2010.
27. B. Jacobs and I. Hasuo, Semantics and logic for security protocols, J. Comput. Secur. 17(6) (2009), 909-944.
28. Y. Li, W. Yang and C.-W. Huang, On preventing type flaw attacks on security protocols with a simplified tagging scheme, J. Inf. Sci. Eng. 21(1) (2005), 59-84.
29. G. Lowe, A hierarchy of authentication specifications, in: Proc. 10th Computer Security Foundations Workshop, Rockport, MA, IEEE Press, 1997, pp. 31-43.
30. S. Matsuo, K. Miyazaki, A. Otsuka and D.A. Basin, How to evaluate the security of real-life cryptographic protocols?-The cases of ISO/IEC 29128 and CRYPTREC, in: Financial Cryptography and Data Security, FC 2010 Workshops, RLCPS, WECSR and WLC 2010, Tenerife, Canary Islands, Spain, Revised Selected Papers, Lecture Notes in Computer Science, Vol. 6054, Springer, Berlin, 2010, pp. 182-194.
31. S. Meier, Source code of the scyther-proof tool and the corresponding Isabelle/HOL security protocol verification theory, May 2012, available at: http://hackage.haskell.org/package/scyther-proof-0.5.0.0.
32. S. Meier, C.J.F. Cremers and D.A. Basin, Strong invariants for the efficient construction of machine-checked protocol security proofs, in: CSF, IEEE Computer Society, 2010, pp. 231-245.
33. S. Mödersheim and L. Viganò, The open-source fixed-point model checker for symbolic analysis of security protocols, in: FOSAD, A. Aldini, G. Barthe and R. Gorrieri, eds, Lecture Notes in Computer Science, Vol. 5705, Springer, Berlin, 2009, pp. 166-194.
34. T. Nipkow, L.C. Paulson and M. Wenzel, Isabelle/HOL-A Proof Assistant for Higher-Order Logic, Lecture Notes in Computer Science, Vol. 2283, Springer, Berlin, 2002.
35. L.C. Paulson, The inductive approach to verifying cryptographic protocols, J. Comput. Secur. 6 (1998), 85-128.
36. L.C. Paulson, Inductive analysis of the internet protocol TLS, ACM Trans. Inf. Syst. Secur. 2(3) (1999), 332-351.
37. L.C. Paulson, Relations between secrets: two formal analyses of the Yahalom protocol, J. Comput. Secur. 9(3) (2001), 197-216.
38. B. Schmidt, S. Meier, C. Cremers and D.A. Basin, Automated analysis of Diffie-Hellman protocols and advanced security properties, in: Proceedings of the 25rd IEEE Computer Security Foundations Symposium, Cambridge MA, USA, IEEE Computer Society, Los Alamitos, CA, 2012, pp. 78-94.
39. S. Schneider, Verifying authentication protocols with CSP, in: Proc. 10th Computer Security Foundations Workshop, Rockport, MA, IEEE Press, 1997, pp. 3-17.
40. D. Song, S. Berezin and A. Perrig, Athena: a novel approach to efficient automatic security protocol analysis, J. Comput. Secur. 9 (2001), 47-74.
41. SPORE-Security Protocols Open Repository, 2005, http://www.lsv.ens- cachan.fr/spore.
42. F.J. Thayer, J.C. Herzog and J.D. Guttman, Strand spaces: proving security protocols correct, J. Comput. Secur. 7(1) (1999), 191-230.
43. M. Wenzel, L.C. Paulson and T. Nipkow, The Isabelle framework, in: TPHOLs, O.A. Mohamed, C. Muñoz and S. Tahar, eds, Lecture Notes in Computer Science, Vol. 5170. Springer, Berlin, 2008, pp. 33-38.