Prudent engineering practice for cryptographic protocols

Prudent Engineering Practice for Cryptographic Protocols - Software Engineering, IEEE Transactions on

We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have prevented a number of published errors. Our principles are informal guidelines; they complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines...

A Method for Patching Interleaving-Replay Attacks in Faulty Security Protocols

The verification of security protocols has attracted a lot of interest in the formal methods community, yielding two main verification approaches: i) state exploration, e.g. FDR [8] and OFMC [2]; and ii) theorem proving, e.g. the Isabelle inductive method [12] and Coral [13]. Complementing formal methods, Abadi and Needham’s principles aim to guide the design of security protocols in order to m...

A METHODOLOGY FOR MECHANICALLY VERIFYING PROTOCOLS USING AN AUTHENTICATION LOGIC Munna

This paper describes a methodology that can be used for rigorously developing authentication protocols for distributed systems. It is based on the logic of authentication proposed by Lampson et al. We implemented the logic of authentication using Higher Order Logic (HOL) as the theorem prover. Based on this implementation, a methodology was developed for analyzing authentication protocols for d...

A Java Beans Component Architecture for Cryptographic Protocols

Global networking has brought with it both new opportunities and new security threats on a worldwide scale. Since the Internet is inherently insecure, secure cryptographic protocols and a public key infrastructure are needed. In this paper we introduce a protocol component architecture that is well suited for the implementation of telecommunications protocols in general and cryptographic protoc...

Encapsulating Rules of Prudent Security Engineering