Abstract
The Inductive Method is among the most established tools for analysing security protocols formally. It has successfully coped with large, deployed protocols, and its findings are widely published. However, perhaps because it is embedded in a theorem prover, or because tutorial publications are lacking, it is at times criticised for requiring super-specialised skills and hence for being rather impractical. This paper aims to show that such criticism is a stereotype. It pursues that aim by presenting the first tutorial-style paper on using the Inductive Method. The paper cannot cover every aspect of the method. It focuses on a key one: how the Inductive Method treats one of the main goals of security protocols, confidentiality against a threat model. The treatment of that goal, which may seem elegant in the Inductive Method, in fact forms a key aspect of all protocol analysis tools, so the paper's motivation stands all the more. With only standard skills as a prerequisite, the reader is guided step by step towards the design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev–Yao and a more up-to-date one, the General Attacker, the latter turning out to be particularly useful for didactic purposes as well.
Additional information
Eerke Boiten
Cite this article
Bella, G. Inductive study of confidentiality: for everyone. Form Asp Comp 26, 3–36 (2014). https://doi.org/10.1007/s00165-012-0246-3