International Journal on Software Tools for Technology Transfer

, Volume 4, Issue 4, pp 472–495

Security by typing

Authors

  • Mourad Debbabi
    • Département d’InformatiqueUniversité Laval
    • Panasonic Information and Networking Technologies Laboratory
  • Nancy Durgin
    • Computer Science DepartmentStanford University
  • Mohamed Mejri
    • Département d’InformatiqueUniversité Laval
  • John C. Mitchell
    • Computer Science DepartmentStanford University
Regular contribution

DOI: 10.1007/s10009-002-0100-7

Cite this article as:
Debbabi, M., Durgin, N., Mejri, M. et al. STTT (2003) 4: 472. doi:10.1007/s10009-002-0100-7

Abstract

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.

Keywords

Cryptographic ProtocolsType SystemIntruder abilitiesAuthenticationSecrecyIntegrity

Copyright information

© Springer-Verlag 2002