
Inductive study of confidentiality: for everyone

  • Original Article
Formal Aspects of Computing

Abstract

The Inductive Method is among the most established tools for analysing security protocols formally. It has successfully coped with large, deployed protocols, and its findings are widely published. However, perhaps because it is embedded in a theorem prover, or because no tutorial publications exist, it is at times criticised as requiring super-specialised skills and hence as being rather impractical. This paper aims to show that such criticism is stereotypical. It pursues that aim by presenting the first tutorial-style paper on using the Inductive Method. The paper cannot cover every aspect of the method; it focuses on a key one, namely how the Inductive Method treats one of the main goals of security protocols: confidentiality against a threat model. The treatment of that goal, which may seem elegant in the Inductive Method, in fact forms a key aspect of all protocol analysis tools, so the paper's motivation is all the stronger. With only standard skills as a prerequisite, the reader is guided step by step towards the design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev–Yao model and a more up-to-date one, the General Attacker, the latter turning out to be particularly useful for didactic purposes as well.




Correspondence to Giampaolo Bella.

Additional information

Eerke Boiten


Cite this article

Bella, G. Inductive study of confidentiality: for everyone. Form Asp Comp 26, 3–36 (2014). https://doi.org/10.1007/s00165-012-0246-3
