Validating Integrity for the Ephemerizer’s Protocol with CL-Atse

  • Charu Arora
  • Mathieu Turuani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5458)


In computer science it is usually very difficult to make information “disappear” after a certain time once it has been published or mirrored by servers worldwide. This, however, is the goal of the IBM ephemerizer’s protocol by Radia Perlman. In this paper we present the general structure of the CL-Atse protocol analysis tool from the AVISPA tool suite, and a symbolic analysis of the ephemerizer’s protocol and its extensions using CL-Atse. This protocol allows transmitting data whose retrieval is guaranteed to be impossible after a certain time. We show that this protocol is secure for this property and for the secrecy of the data, but is trivially insecure with respect to its integrity. We model a standard integrity check as a first extension to this protocol, which is natural and close to common usage, and we present a second extension for integrity that is much less obvious and deeply integrated into the structure of the ephemerizer’s protocol. We then show that, while the first extension guarantees the basic integrity property under certain conditions, the second one is much stronger and allows faster computations.


Keywords: Security Protocol, Security Property, Cryptographic Protocol, Expiration Time, Asymmetric Encryption
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Charu Arora (1)
  • Mathieu Turuani (2)
  1. Indian Institute of Technology, Delhi, India
  2. Loria-INRIA, Vandoeuvre-lès-Nancy, France
