
Compiling and Verifying Security Protocols

  • Conference paper
Logic for Programming and Automated Reasoning (LPAR 2000)

Abstract

We propose a direct and fully automated translation from standard security protocol descriptions to rewrite rules. This compilation defines a non-ambiguous operational semantics for both the protocol and the intruder: they become rewrite systems executed by applying a variant of AC-narrowing. The rewrite rules are processed by the theorem prover daTac. Multiple instances of a protocol can be run simultaneously, together with a model of the intruder (one of several possible). The existence of a flaw in the protocol is revealed by the derivation of an inconsistency. Our implementation of the compiler CASRUL, together with the prover daTac, allowed us to derive security flaws in many classical cryptographic protocols.
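To make the abstract's pipeline concrete, here is a small added illustration (not the paper's CASRUL compiler, nor daTac, nor the paper's rule format): a protocol is given as an ordered list of sends, each send is applied as a rewrite step on a global state (step counter plus intruder knowledge), the intruder's knowledge is closed under Dolev-Yao analysis and synthesis, and a flaw is reported as soon as the secrecy goal becomes inconsistent with what the intruder can derive. Everything below is constructed for the example: the term encoding (`("enc", m, k)`, `("pair", a, b)`, atoms as strings), the two toy protocols `FLAWED` and `FIXED`, and the simplification that terms are ground and delivery is honest, so there is no narrowing over variables and no AC reasoning, which the real compiler handles and this toy does not.

```python
"""Toy rewrite-and-check model of protocol verification (constructed example).

State: {"step": i, "intruder": frozenset of terms}.
Each protocol send is a rewrite rule  state(i, K) -> state(i+1, analyze(K ∪ {msg})).
A secrecy goal is violated (an "inconsistency" is derived) when the intruder
can synthesize the secret from its closed knowledge.
"""


def analyze(knowledge):
    """Close intruder knowledge under decomposition (Dolev-Yao analysis):
    split pairs, and decrypt any ciphertext whose symmetric key is known."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):  # iterate over a snapshot; `known` grows below
            if not isinstance(t, tuple):
                continue
            if t[0] == "pair":
                new = {t[1], t[2]}
            elif t[0] == "enc" and t[2] in known:
                new = {t[1]}
            else:
                new = set()
            if not new <= known:
                known |= new
                changed = True
    return frozenset(known)


def can_synthesize(t, known):
    """Dolev-Yao synthesis: t is known, or can be built from known parts."""
    if t in known:
        return True
    if isinstance(t, tuple) and t[0] in ("pair", "enc"):
        return can_synthesize(t[1], known) and can_synthesize(t[2], known)
    return False


def check_secrecy(protocol, initial_knowledge, secret):
    """Apply the protocol's sends in order as rewrite steps on the global
    state. Return (flaw_found, step_at_which_found_or_None)."""
    state = {"step": 0, "intruder": analyze(initial_knowledge)}
    for _sender, _receiver, msg in protocol:
        # Rewrite rule: the intruder reads every message on the network
        # (Dolev-Yao controls the channel), then re-closes its knowledge.
        state = {
            "step": state["step"] + 1,
            "intruder": analyze(set(state["intruder"]) | {msg}),
        }
        if can_synthesize(secret, state["intruder"]):
            return True, state["step"]  # secrecy goal inconsistent: flaw
    return False, None


# Constructed toy protocols (hypothetical, not from the paper).
# k_ab: long-term key shared by A and B; k_sess: session key B relies on.
FLAWED = [
    ("A", "B", "k_sess"),                      # session key sent in the clear
    ("B", "A", ("enc", "payload", "k_sess")),  # payload protected by that key
]
FIXED = [
    ("A", "B", ("enc", "k_sess", "k_ab")),     # session key under k_ab instead
    ("B", "A", ("enc", "payload", "k_sess")),
]
# The intruder starts with public names and only its own key (constructed).
INTRUDER_INIT = {"A", "B", "I", "k_ai"}


if __name__ == "__main__":
    for name, proto in (("FLAWED", FLAWED), ("FIXED", FIXED)):
        flaw, step = check_secrecy(proto, INTRUDER_INIT, "payload")
        print(f"{name}: {'flaw at step ' + str(step) if flaw else 'no flaw found'}")
```

The two-protocol comparison is the point: the same rewrite engine and the same goal report an inconsistency for `FLAWED` at step 2 (the intruder decrypts the payload with the key it read at step 1) and nothing for `FIXED`, where `k_sess` never enters the intruder's closed knowledge. A real tool additionally explores interleavings of several protocol instances and lets the intruder inject synthesized messages, which is what the narrowing machinery in the paper provides.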




Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jacquemard, F., Rusinowitch, M., Vigneron, L. (2000). Compiling and Verifying Security Protocols. In: Parigot, M., Voronkov, A. (eds) Logic for Programming and Automated Reasoning. LPAR 2000. Lecture Notes in Artificial Intelligence, vol 1955. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44404-1_10

  • DOI: https://doi.org/10.1007/3-540-44404-1_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41285-4

  • Online ISBN: 978-3-540-44404-6
