Secrecy Analysis in Protocol Composition Logic
نویسندگان
چکیده
We present formal proof rules for inductive reasoning about the way thatdata transmitted on the network remains secret from a malicious attacker. Extendinga compositional protocol logic with an induction rule for secrecy, we prove sound-ness for a conventional symbolic protocol execution model, adapt and extend previ-ous composition theorems, and illustrate the logic by proving properties of two keyagreement protocols. The first example is a variant of the Needham-Schroeder pro-tocol that illustrates the ability to reason about temporary secrets. The second ex-ample is Kerberos V5. The modular nature of the secrecy and authentication proofsfor Kerberos make it possible to reuse proofs about the basic version of the protocolfor the PKINIT version that uses public-key infrastructure instead of shared secretkeys in the initial steps.
منابع مشابه
Formal Analysis of Security Protocols: Protocol Composition Logic a Dissertation Submitted to the Department of Computer Science and the Committee on Graduate Studies of Stanford University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
We develop Protocol Composition Logic (PCL) – a Floyd-Hoare style logic for axiomatic proofs of protocol properties that is sound with respect to the standard symbolic model of protocol execution and attack. PCL can express temporal ordering of actions and knowledge, naturally capturing security properties such as authentication and secrecy. The induction rule for proving invariants and the com...
متن کاملProtocol Composition Logic
Protocol Composition Logic (PCL) is a logic for proving authentication and secrecy properties of network protocols. This chapter presents the central concepts of PCL, including a protocol programming language, the semantics of protocol execution in the presence of a network attacker, the syntax and semantics of PCL assertions, and axioms and proof rules for proving authentication properties. Th...
متن کاملD4.3 Tool Support for Evolution-Aware Security Checks and Monitor Generation
The composition of processes is in general not secrecy pre-serving under the Dolev-Yao attacker model. In this paper, we describean algorithmic decision procedure which determines whether the com-position of secrecy preserving processes is still secrecy preserving. As acase-study we consider a variant of the TLS protocol where, even thoughthe client and server considered sep...
متن کاملAutomatic Verification of Cryptographic Protocols in First-Order Logic
In this paper, a new first-order logical framework and method of formalizing and verifying cryptographic protocols is presented. From the point of view of an intruder, the protocol and abilities of the intruder are modeled in Horn clauses. Based on deductive reasoning method, secrecy of cryptographic protocols is verified automatically, and if the secrecy is violated, attack scenarios can be pr...
متن کاملTowards computationally sound symbolic analysis of key exchange protocols ( extended abstract )
We present a cryptographically sound formal method for proving correctness of key exchange protocols. Our main tool is a fragment of a symbolic protocol logic. We demonstrate that proofs of key agreement and key secrecy in this logic imply simulatability in Shoup’s secure multi-party framework for key exchange. As part of the logic, we present cryptographically sound abstractions of CMA-secure ...
متن کامل