International Journal on Software Tools for Technology Transfer, Volume 4, Issue 4, pp 472–495

Security by typing

  • Mourad Debbabi
  • Nancy Durgin
  • Mohamed Mejri
  • John C. Mitchell
Regular contribution

DOI: 10.1007/s10009-002-0100-7

Cite this article as:
Debbabi, M., Durgin, N., Mejri, M. et al. STTT (2003) 4: 472. doi:10.1007/s10009-002-0100-7

Abstract

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.

Keywords

Cryptographic Protocols, Type System, Intruder abilities, Authentication, Secrecy, Integrity

Copyright information

© Springer-Verlag 2002

Authors and Affiliations

  • Mourad Debbabi (1, 2)
  • Nancy Durgin (3)
  • Mohamed Mejri (1)
  • John C. Mitchell (3)

  1. Département d’Informatique, Université Laval, Sainte-Foy, Canada
  2. Panasonic Information and Networking Technologies Laboratory, Princeton, USA
  3. Computer Science Department, Stanford University, Stanford, USA