Advertisement

Computer-Assisted Verification of a Protocol for Certified Email

  • Martín Abadi
  • Bruno Blanchet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2694)

Abstract

We present the formalization and verification of a recent cryptographic protocol for certified email. Relying on a tool for automatic protocol analysis, we establish the key security properties of the protocol. This case study explores the use of general correspondence assertions in automatic proofs, and aims to demonstrate the considerable power of the tool and its applicability to non-trivial, interesting protocols.

Keywords

Security Protocol Security Property Horn Clause Closed Process Automatic Proof 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. In 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’02), pages 33–44, Portland, OR, Jan. 2002. ACM Press.Google Scholar
  2. 2.
    M. Abadi, N. Glew, B. Horne, and B. Pinkas. Certified email with a light on-line trusted third party: Design and implementation. In 11th International World Wide Web Conference (WWW’02), Honolulu, Hawaii, USA, May 2002. ACM Press.Google Scholar
  3. 3.
    G. Bella, F. Massacci, and L. C. Paulson. The verification of an industrial payment protocol: The SET purchase phase. In V. Atluri, editor, 9th ACM Conference on Computer and Communications Security (CCS’02), pages 12–20, Washington, DC, Nov. 2002. ACM Press.Google Scholar
  4. 4.
    G. Bella and L. C. Paulson. Using Isabelle to prove properties of the Kerberos authentication system. In DIMACS Workshop on Design and Formal Verification of Security Protocols, Piscataway, NJ, Sept. 1997.Google Scholar
  5. 5.
    G. Bella and L. C. Paulson. Kerberos version IV: inductive analysis of the secrecy goals. In J.-J. Quisquater et al., editors, Computer Security-ESORICS 98, volume 1485 of Lecture Notes in Computer Science, pages 361–375, Louvain-la-Neuve, Belgium, Sept. 1998. Springer Verlag.CrossRefGoogle Scholar
  6. 6.
    B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82–96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.Google Scholar
  7. 7.
    B. Blanchet. From secrecy to authenticity in security protocols. In M. Hermenegildo and G. Puebla, editors, 9th International Static Analysis Symposium (SAS’02), volume 2477 of Lecture Notes in Computer Science, pages 342–359, Madrid, Spain, Sept. 2002. Springer Verlag.Google Scholar
  8. 8.
    A. Gordon and A. Jeffrey. Authenticity by typing for security protocols. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 145–159, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.Google Scholar
  9. 9.
    A. Gordon and A. Jeffrey. Types and effects for asymmetric cryptographic protocols. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), pages 77–91, Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.Google Scholar
  10. 10.
    H. Krawczyk. SKEME: A versatile secure key exchange mechanism for internet. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security (NDSS’96), San Diego, CA, Feb. 1996. Available at http://bilbo.isu.edu/sndss/sndss96.html.Google Scholar
  11. 11.
    S. Kremer and J.-F. Raskin. Game analysis of abuse-free contract signing. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), pages 206–222, Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.Google Scholar
  12. 12.
    C. Meadows. Analysis of the Internet Key Exchange protocol using the NRL protocol analyzer. In IEEE Symposium on Security and Privacy, pages 216–231, Oakland, CA, May 1999. IEEE Computer Society.Google Scholar
  13. 13.
    J. C. Mitchell, V. Shmatikov, and U. Stern. Finite-state analysis of SSL 3.0. In 7th USENIX Security Symposium, pages 201–216, San Antonio, TX, Jan. 1998.Google Scholar
  14. 14.
    L. C. Paulson. Inductive analysis of the Internet protocol TLS. ACM Transactions on Information and System Security, 2(3):332–351, Aug. 1999.CrossRefGoogle Scholar
  15. 15.
    S. Schneider. Formal analysis of a non-repudiation protocol. In 11th IEEE Computer Security Foundations Workshop (CSFW-11), pages 54–65, Rockport, Massachusetts, June 1998. IEEE Computer Society.Google Scholar
  16. 16.
    V. Shmatikov and J. C. Mitchell. Finite-state analysis of two contract signing protocols. Theoretical Computer Science, 283(2):419–450, June 2002.zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    T. Y. C. Woo and S. S. Lam. A semantic model for authentication protocols. In 1993 IEEE Symposium on Research on Security and Privacy, pages 178–194, Oakland, CA, 1993. IEEE Computer Society.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Martín Abadi
    • 1
  • Bruno Blanchet
    • 2
  1. 1.Computer Science DepartmentUniversity of CaliforniaSanta Cruz
  2. 2.Département d’Informatique, École Normale SupérieureParis and Max-Planck-Institut für InformatikSaarbrücken

Personalised recommendations