Computing Symbolic Models for Verifying Cryptographic Protocols
نویسندگان
چکیده
We consider the problem of automatically verifying infinite-state cryptographic protocols. Specifically, we present an algorithm that given a finite process describing a protocol in a hostile environment (trying to force the system into a “bad” state) computes a model of traces on which security properties can be checked. Because of unbounded inputs from the environment, even finite processes have an infinite set of traces; the main focus of our approach is the reduction of this infinite set to a finite set by a symbolic analysis of the knowledge of the environment. Our algorithm is sound (and we conjecture complete) for protocols with shared-key encryption/decryption that use arbitrary messages as keys; further it is complete in the common and important case in which the cryptographic keys are messages of bounded size.
منابع مشابه
Cryptographic Verification by Typing for a Sample Protocol Implementation
Type systems are effective tools for verifying the security of cryptographic protocols and implementations. They provide automation, modularity and scalability, and have been applied to large protocols. In this tutorial, we illustrate the use of types for verifying authenticity properties, first using a symbolic model of cryptography, then relying on a concrete computational assumption. (1) We ...
متن کاملVerifying Cryptographic Code in C: Some Experience and the Csec Challenge
The security of much critical infrastructure depends in part on cryptographic software coded in C, and yet vulnerabilities continue to be discovered in such software. We describe recent progress on checking the security of C code implementing cryptographic software. In particular, we describe projects that combine verification-condition generation and symbolic execution techniques for C, with m...
متن کاملASPASyA: an Automated tool for Security Protocol Analysis based on a Symbolic Approach
The quest for the formal certification of properties of security protocols is one of the most challenging research issues in the field of formal methods. It requires the development of formal models together with effective verification techniques, methods of detecting malicious behaviour, and so on. In this paper, we describes a formal methodology for verifying cryptographic protocols based on ...
متن کاملHow to prove security of communication protocols? A discussion on the soundness of formal models w.r.t. computational ones
Security protocols are short programs that aim at securing communication over a public network. Their design is known to be error-prone with flaws found years later. That is why they deserve a careful security analysis, with rigorous proofs. Two main lines of research have been (independently) developed to analyse the security of protocols. On the one hand, formal methods provide with symbolic ...
متن کاملA Compilation Method for the Verification of Temporal-Epistemic Properties of Cryptographic Protocols
We present a technique for automatically verifying cryptographic protocols specified in the mainstream specification language CAPSL. Our work is based on model checking multi-agent systems against properties given in AI logics. We present PC2IS, a compiler from CAPSL to ISPL, the input language of MCMAS, a symbolic model checker for MAS. The technique also reduces automatically the state space ...
متن کامل