The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols

Tool Paper
  • Cas J. F. Cremers
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5123)


With the rise of the Internet and other open networks, a large number of security protocols have been developed and deployed in order to provide secure communication. The analysis of such security protocols has turned out to be extremely difficult for humans, as witnessed by the fact that many protocols were found to be flawed after deployment. This has driven the research in formal analysis of security protocols. Unfortunately, there are no effective approaches yet for constructing correct and efficient protocols, and work on concise formal logics that might allow one to easily prove that a protocol is correct in a formal model, is still ongoing. The most effective approach so far has been automated falsification or verification of such protocols with state-of-the-art tools such as ProVerif [1] or the Avispa tools [2]. These tools have shown to be effective at finding attacks on protocols (Avispa) or establishing correctness of protocols (ProVerif).


Operational Semantic Security Protocol Attack Trace Computer Security Foundation Workshop Security Claim 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proc. 14th IEEE Computer Security Foundations Workshop (CSFW), pp. 82–96. IEEE, Los Alamitos (2001)CrossRefGoogle Scholar
  2. 2.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, L., Drielsma, P., Heám, P., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Cremers, C.: Feasibility of multi-protocol attacks. In: Proc. of The 1st Int. Conf. on Availability, Reliability and Security (ARES), pp. 287–294. IEEE, Los Alamitos (2006)CrossRefGoogle Scholar
  4. 4.
    Cremers, C., Mauw, S.: Operational semantics of security protocols. In: Leue, S., Systä, T.J. (eds.) Scenarios: Models, Transformations and Tools. LNCS, vol. 3466, pp. 66–89. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Song, D.: An Automatic Approach for Building Secure Systems. PhD thesis, UC Berkeley (December 2003)Google Scholar
  6. 6.
    Doghmi, S., Guttman, J.D., Thayer, F.: Skeletons, homomorphisms, and shapes: Characterizing protocol executions. In: Proc. of the 23rd Conf. on the Mathematical Foundations of Programming Semantics (MFPS XXIII). ENTCS, vol. 173, pp. 85–102. Elsevier ScienceDirect, Amsterdam (2007)Google Scholar
  7. 7.
    Security Protocols Open Repository,
  8. 8.
    Cremers, C.: Scyther - Semantics and Verification of Security Protocols. Ph.D. dissertation, Eindhoven University of Technology (2006)Google Scholar
  9. 9.
    Cremers, C., Lafourcade, P.: Comparing state spaces in automatic protocol verification. In: Proc. of the 7th Int. Workshop on Automated Verification of Critical Systems (AVoCS 2007). ENTCS (September 2007) (to appear)Google Scholar
  10. 10.
    Cremers, C., Mauw, S.: Generalizing Needham-Schroeder-Lowe for multi-party authentication, CSR 06-04, Eindhoven University of Technology (2006)Google Scholar
  11. 11.
    Andova, S., Cremers, C., Gjøsteen, K., Mauw, S., Mjølsnes, S., Radomirović, S.: A framework for compositional verification of security protocols. Information and Computation 206, 425–459 (2008)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Cremers, C.: On the protocol composition logic PCL. In: Abe, M., Gligor, V. (eds.) Proc. of the ACM Symposium on Information, Computer & Communication Security (ASIACCS 2008), Tokyo, pp. 66–76. ACM Press, New York (2008)CrossRefGoogle Scholar
  13. 13.
    Meier, S.: A formalization of an operational semantics of security protocols. Diploma thesis, ETH Zurich (August 2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Cas J. F. Cremers
    • 1
  1. 1.Department of Computer ScienceETH ZurichZurichSwitzerland

Personalised recommendations