Integrating Verification, Testing, and Learning for Cryptographic Protocols

  • Martijn Oostdijk
  • Vlad Rusu
  • Jan Tretmans
  • R. G. de Vries
  • T. A. C. Willemse
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4591)


The verification of cryptographic protocol specifications is an active research topic and has received much attention from the formal verification community. By contrast, the black-box testing of actual implementations of protocols, which is, arguably, as important as verification for ensuring the correct functioning of protocols in the “real” world, is little studied. We propose an approach for checking secrecy and authenticity properties not only on protocol specifications, but also on black-box implementations. The approach is compositional and integrates ideas from verification, testing, and learning. It is illustrated on the Basic Access Control protocol implemented in biometric passports.






Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Martijn Oostdijk (1, 4, 5)
  • Vlad Rusu (2)
  • Jan Tretmans (1, 3)
  • R. G. de Vries (1)
  • T. A. C. Willemse (1, 4)

  1. Radboud University, Nijmegen, NL
  2. Irisa/Inria Rennes, FR
  3. Embedded Systems Institute, Eindhoven, NL
  4. Eindhoven University of Technology, NL
  5. Riscure, Delft, NL