Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5403))

Abstract

Security protocols are short programs that aim to secure communications over a network. They are widely used in our everyday life. They may achieve various goals depending on the application: confidentiality, authenticity, privacy, anonymity, fairness, etc. Their verification using symbolic models has proved valuable for detecting attacks and proving security properties. A famous example is the Needham-Schroeder protocol [23], on which G. Lowe discovered a flaw 17 years after its publication [20]. Secrecy preservation has been proved to be co-NP-complete for a bounded number of sessions [24], and decidable for an unbounded number of sessions under some additional restrictions (e.g. [3,12,13,25]). Many tools, such as [8,21], have also been developed to automatically verify cryptographic protocols.
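
The kind of symbolic secrecy check the abstract refers to can be sketched as follows. This is an added example, not code from the chapter: it models the Needham-Schroeder public-key exchange with terms instead of bit strings and asks whether the responder's nonce is derivable by a dishonest participant, with and without the responder's name in the second message (Lowe's fix). The term encoding, function names and the atoms `A`, `B`, `I`, `Na`, `Nb` are assumptions made for the illustration.

```python
# Added illustration (not from the chapter): Dolev-Yao style secrecy check on the
# Needham-Schroeder public-key exchange. Atoms are strings; ("pair", t1, ..., tn)
# is a tuple; ("aenc", body, X) is encryption under X's public key. Names are assumed.

def aenc(owner, *fields):
    return ("aenc", ("pair",) + fields, owner)

def analyze(knowledge, me):
    """Close a set of terms under projection and decryption with `me`'s private key."""
    known, todo = set(knowledge), list(knowledge)
    while todo:
        t = todo.pop()
        if not isinstance(t, tuple):
            continue                      # atom: nothing to take apart
        if t[0] == "pair":
            parts = t[1:]
        elif t[0] == "aenc" and t[2] == me:
            parts = (t[1],)               # only ciphertexts addressed to `me` open
        else:
            parts = ()
        for p in parts:
            if p not in known:
                known.add(p)
                todo.append(p)
    return known

def initiator_reply(peer, na, msg2, lowe_fix):
    """Honest initiator A checks message 2, returns message 3 or None on rejection."""
    fields = msg2[1][1:]
    if msg2[2] != "A" or fields[0] != na:
        return None
    if lowe_fix and (len(fields) < 3 or fields[2] != peer):
        return None                       # responder name differs from A's chosen peer
    return aenc(peer, fields[1])

def intruder_learns_nb(lowe_fix):
    """A opens a session with dishonest I, who relays to honest B posing as A."""
    msg1 = aenc("I", "Na", "A")                          # A -> I
    if not {"Na", "A"} <= analyze({msg1}, "I"):          # I must be able to rebuild msg1 for B
        return False
    # B's answer to the relayed request, addressed to A (with B's name under the fix)
    msg2 = aenc("A", "Na", "Nb", "B") if lowe_fix else aenc("A", "Na", "Nb")
    observed = {msg1, msg2}
    msg3 = initiator_reply("I", "Na", msg2, lowe_fix)    # I forwards msg2 to A unchanged
    if msg3 is not None:
        observed.add(msg3)
    return "Nb" in analyze(observed, "I")                # is B's nonce derivable by I?
```

Because the secret here is an atom, membership in the analyzed set is enough; a verifier for arbitrary terms would also need the composition rules (pairing and encryption) that this closure omits.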

This work has been partially supported by the ARA project AVOTÉ and the ARA SSIA FormaCrypt.

References

  1. Abadi, M., Blanchet, B., Fournet, C.: Just fast keying in the pi calculus. ACM Transactions on Information and System Security (TISSEC) 10(3), 1–59 (2007)

  2. Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 2, 103–127 (2002)

  3. Amadio, R., Charatonik, W.: On name generation and set-based analysis in the dolev-yao model. In: Brim, L., Jančar, P., Křetínský, M., Kucera, A. (eds.) CONCUR 2002. LNCS, vol. 2421, pp. 499–514. Springer, Heidelberg (2002)

  4. Backes, M., Pfitzmann, B.: Limits of the cryptographic realization of dolev-yao-style xor. In: de Capitanidi Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 336–354. Springer, Heidelberg (2005)

  5. Backes, M., Pfitzmann, B.: Relating cryptographic und symbolic key secrecy. In: 26th IEEE Symposium on Security and Privacy, Oakland, CA, pp. 171–182 (2005)

  6. Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations (extended abstract). In: Proc. of 10th ACM Conference on Computer and Communications Security (CCS 2005), pp. 220–230 (2003)

  7. Backes, M., Unruh, D.: Computational soundness of symbolic zero-knowledge proofs against active attackers. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), Pittsburgh, PA, USA, June 2008, pp. 255–269. IEEE Computer Society Press, Los Alamitos (2008)

  8. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proc. of the 14th Computer Security Foundations Workshop (CSFW 2001). IEEE Computer Society Press, Los Alamitos (2001)

  9. Blanchet, B.: From secrecy to authenticity in security protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 242–259. Springer, Heidelberg (2002)

  10. Blanchet, B.: An automatic security protocol verifier based on resolution theorem proving (invited tutorial). In: Nieuwenhuis, R. (ed.) CADE 2005. LNCS, vol. 3632, Springer, Heidelberg (2005)

  11. Blanchet, B., Chaudhuri, A.: Automated formal analysis of a protocol for secure file sharing on untrusted storage. In: IEEE Symposium on Security and Privacy, Oakland, CA, May 2008, pp. 417–431. IEEE Computer Society Press, Los Alamitos (2008)

  12. Blanchet, B., Podelski, A.: Verification of cryptographic protocols: Tagging enforces termination. In: Gordon, A.D. (ed.) FOSSACS 2003. LNCS, vol. 2620, pp. 136–152. Springer, Heidelberg (2003)

  13. Comon-Lundh, H., Cortier, V.: New decidability results for fragments of first-order logic and application to cryptographic protocols. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 148–164. Springer, Heidelberg (2003)

  14. Cortier, V., Kremer, S., Küsters, R., Warinschi, B.: Computationally sound symbolic secrecy in the presence of hash functions. In: Arun-Kumar, S., Garg, N. (eds.) FSTTCS 2006. LNCS, vol. 4337, pp. 176–187. Springer, Heidelberg (2006)

  15. Cortier, V., Warinschi, B.: Computationally Sound, Automated Proofs for Security Protocols. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 157–171. Springer, Heidelberg (2005)

  16. Cortier, V., Zalinescu, E.: Deciding key cycles for security protocols. In: Hermann, M., Voronkov, A. (eds.) LPAR 2006. LNCS, vol. 4246, pp. 317–331. Springer, Heidelberg (2006)

  17. Datta, A., Derek, A., Mitchell, J.C., Shmatikov, V., Turuani, M.: Probabilistic Polynomial-time Semantics for a Protocol Security Logic. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 16–29. Springer, Heidelberg (2005)

  18. Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Proc. of the Workshop on Formal Methods and Security Protocols (1999)

  19. Galindo, D., Garcia, F.D., van Rossum, P.: Computational soundness of non-malleable commitments. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 361–376. Springer, Heidelberg (2008)

  20. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

  21. Lowe, G.: Casper: A compiler for the analysis of security protocols. In: Proc. of 10th Computer Security Foundations Workshop (CSFW 1997), Rockport, Massachusetts, USA. IEEE Computer Society Press, Los Alamitos (1997); Also in Journal of Computer Security 6, 53–84 (1998)

  22. Millen, J., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proc. of the 8th ACM Conference on Computer and Communications Security (CCS 2001) (2001)

  23. Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communication of the ACM 21(12), 993–999 (1978)

  24. Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theoretical Computer Science 299, 451–475 (2003)

  25. Seidl, H., Verma, K.N.: Flat and one-variable clauses: Complexity of verifying cryptographic protocols with single blind copying. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS, vol. 3452, pp. 79–94. Springer, Heidelberg (2005)

  26. Warinschi, B.: A computational analysis of the Needham-Schroeder protocol. In: Proc. 16th IEEE Computer Science Foundations Workshop (CSFW 2003), pp. 248–262 (2003)

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cortier, V. (2008). Verification of Security Protocols. In: Jones, N.D., Müller-Olm, M. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2009. Lecture Notes in Computer Science, vol 5403. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-93900-9_5

  • DOI: https://doi.org/10.1007/978-3-540-93900-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-93899-6

  • Online ISBN: 978-3-540-93900-9

  • eBook Packages: Computer Science (R0)