Automated analysis of security protocols

Cryptographic protocols such as IKE, SET, TLS, Kerberos have been developed to secure electronic transactions. However the design of such protocols often appears to be problematic even assuming that the cryptographic primitives are perfect, i.e. even assuming we cannot decrypt a message without the right key. An intruder may intercept messages, analyse them, modify them with low computing power and then carry out malevolent actions. This may lead to a variety of attacks such as well-known Man-In-The-Middle attacks. Even in this abstract model, the so-called Dolev-Yao model, protocol analysis is complex since the set of states to consider is huge or infinite. One should consider messages of any size, infinite number of sessions. The interleaving of parallel sessions generates a large search space. Also when we try to slightly relax the perfect encryption hypothesis by taking into account some algebraic properties of operators then the task gets even more difficult. We have developed in Cassis/LORIA team several translation and constraint solving techniques for automating protocol analysis in Dolev-Yao model and some moderate extensions of it. Protocol specifications as they can be found in white papers are compiled by the CASRUL system [8,2] and then are passed on decision procedures for checking whether they are exposed to flaws 1 .