Proving Security Protocols Correct
نویسنده
چکیده
Security protocols use cryptography to set up private communication channels on an insecure network. Many protocols contain flaws, and because security goals are seldom specified in detail, we cannot be certain what constitutes a flaw. Thanks to recent work by a number of researchers, security protocols can now be analyzed formally. The paper outlines the problem area, emphasizing the notion of freshness. It describes how a protocol can be specified using operational semantics and properties proved by rule induction, with machine support from the proof tool Isabelle. The main example compares two versions of the Yahalom protocol. Unless the model of the environment is sufficiently detailed, it cannot distinguish the correct protocol from a flawed version. The paper attempts to draw some general lessons on the use of formalisms. Compared with model checking, the inductive method performs a finer analysis, but the cost of using it is greater.
منابع مشابه
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this...
متن کاملTool-supported Veriication of Cryptographic Protocols
The correct and awless design of cryptographic protocols is crucial for the security of network services. As security aws within such protocols are in general very hard to detect, their security properties must be formally veriied. A computer-supported prove is highly desirable, but formal techniques as well as automatic theorem provers are hard to use for a non-specialist. To ooer a user-frien...
متن کاملA Method for Patching Interleaving-Replay Attacks in Faulty Security Protocols
The verification of security protocols has attracted a lot of interest in the formal methods community, yielding two main verification approaches: i) state exploration, e.g. FDR [8] and OFMC [2]; and ii) theorem proving, e.g. the Isabelle inductive method [12] and Coral [13]. Complementing formal methods, Abadi and Needham’s principles aim to guide the design of security protocols in order to m...
متن کاملAn Empirical Analysis of Automated Verification of Wireless Security Protocols
Formal verification of security protocols is an important step in the design of security protocols. It helps to reduce the potential of designing faulty protocols and thus increases the confidence in their use. Automated techniques reduce the potential for human errors during verification. This paper presents an empirical study of an automated proving system on the analysis of two wireless comm...
متن کاملAnalysing layered security protocols
Many security protocols are built as the composition of an applicationlayer protocol and a secure transport protocol, such as TLS. There are many approaches to proving the correctness of such protocols. One popular approach is verification by abstraction, in which the correctness of the application-layer protocol is proven under the assumption that the transport layer satisfies certain properti...
متن کامل