Recent approaches to the analysis of crypto-protocols build on concepts which are well-established in the field of process algebras, such as labelled transition systems (Its) and observational semantics. We outline some recent work in this direction that stems from using cryptographic versions of the pi-calculus ¡ª most notably Abadi and Gordon’s spi-calculus — as protocol description languages. We show the impact of these approaches on a specific example, a simplified version of the Kerberos protocol.


Process calculi Reasoning about security Protocol verification Semantics Formal methods 


  1. [1]
    M. Abadi, A.D. Gordon. Reasoning about cryptographic protocols in the spi calculus. CONCUR’97, Proceedings (A. Mazurkiewicz, J. Winkowsky, Eds.), LNCS 1243, pp.59–73, Springer-Verlag, 1997.Google Scholar
  2. [2]
    M. Abadi, A.D. Gordon. A calculus for cryptographic protocols: The spi calculus. Information and Computation, 148 (1): 1–70, Academic Press, 1999.MATHGoogle Scholar
  3. [3]
    M. Boreale, R. De Nicola. Testing equivalence for mobile processes. Information and Computation, 120:279–303, Academic Press, 1995.Google Scholar
  4. [4]
    M. Boreale, R. De Nicola, R. Pugliese. Proof Techniques for Cryptographic Processes. In Proc. of the 14th IEEE Symposium Logic In Computer Science (LICS’99), IEEE Computer Society Press, pp.157–166, 1999. (Full paper available at: http: //music. dsi. unif i. it)Google Scholar
  5. [5]
    M. Burrows, M. Abadi, R. Needham. A Logic of Authentication. ACM Transactions on Computer Systems, 8 (1): 18–36, 1990.CrossRefMATHGoogle Scholar
  6. [6]
    R. De Nicola, M.C.B. Hennessy. Testing Equivalence for Processes. Theoretical Computers Science, 34:83–133, Elsevier, 1984.Google Scholar
  7. [7]
    G. Lowe. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. TACAS’96, Proceedings (T. Margaria, B. Steffen, Eds.), LNCS 1055, pp. 147–166, Springer-Verlag, 1996.Google Scholar
  8. [8]
    S.P. Miller, C. Neumann, J.I. Schiller, J.H. Saltzer. Kerberos authentication and authorization system. In Project Athena Technical Plan, Section E.2.1, MIT, 1987.Google Scholar
  9. [9]
    R. Milner. The Polyadic 7r-calculus: a Tutorial. In Logic and Algebra of Specification (F.L. Hamer, W. Brauer, H. Schwichtenberg, Eds. ), Springer-Verlag, 1993.Google Scholar
  10. [10]
    R. Milner, J. Parrow, D. Walker. A calculus of mobile processes, (Part I and II). Information and Computation, 100:1–77, Academic Press, 1992.Google Scholar
  11. [11]
    R. Milner, D. Sangiorgi. Barbed Bisimulation. ICALP’92, Proceedings (W. Kuich, Ed.), LNCS 623, pp.685–695, Springer-Verlag, 1992.Google Scholar
  12. [12]
    L.C. Paulson. Provin Security Protocols Correct. In Proc. of the 14th IEEE Symposium Logic In Computer Science (LICS’99), IEEE Computer Society Press, pp. 370–381, 1999.Google Scholar
  13. [13]
    S. Schneider. Verifying Authentication Protocols in CSP. IEEE Transactions on Software Engineering, 24 (8): 743–758, IEEE Computer Society Press, 1998.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2000

Authors and Affiliations

  • Michele Boreale
    • 1
  • Rocco De Nicola
    • 1
  • Rosario Pugliese
    • 1
  1. 1.Dipartimento di Sistemi e InformaticaUniversità di FirenzeItaly

Personalised recommendations