Efficient construction of machine-checked symbolic protocol security proofs

Meier, Simon; Cremers, Cas; Basin, David

doi:10.3233/jcs-2012-0455

Cited by 11 publications

(17 citation statements)

References 39 publications

(78 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use a version [34] of the SCYTHER-PROOF tool [30] to generate proofs of the authentication properties. Given a description of a protocol and its security properties, the tool generates a proof script that is afterwards automatically checked by the Isabelle/HOL theorem prover [33].…”

Section: Generating Machine-checked Correctness Proofsmentioning

confidence: 99%

“…The interpretation mapping a message pattern to its corresponding message in the context of a thread i and the variable store σ is modeled by the family of partial functions inst σ,i : Pat Msg. In the semantics presented in [30,31], these functions were total. However, we now use partial functions because the lookup of a shared symmetric long-term key always fails if one of the variables is not instantiated to an agent name.…”

Section: A1 Bidirectional Keysmentioning

confidence: 99%

“…To generate the correctness proofs, we first extend the SCYTHER-PROOF tool [30] to handle bidirectional keys and injective authentication properties. We then use the tool to generate proof scripts that are checked independently by the Isabelle/HOL theorem prover.…”

Section: Introductionmentioning

confidence: 99%

“…will use the related SCYTHER-PROOF tool [30] to generate machine-checked proofs of the corrected versions. SCYTHER performs an automatic analysis of security protocols in a Dolev-Yao style model, for an unbounded number of instances.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Provably repairing the ISO/IEC 9798 standard for entity authentication1

Basin

Cremers

Meier

2013

JCS

Self Cite

View full text Add to dashboard Cite

We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard.

show abstract

Section: Generating Machine-checked Correctness Proofsmentioning

confidence: 99%

Section: A1 Bidirectional Keysmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Provably repairing the ISO/IEC 9798 standard for entity authentication1

Basin

Cremers

Meier

2013

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Over the past decade, we have conducted numerous case studies with model-checking tools for security protocols, some of which we have developed ourselves. [1][2][3][4] Our analysis shows that many standards su er from security weaknesses, including basic mistakes and well-known aws. In some cases, these weaknesses have been quite serious.…”

mentioning

confidence: 98%

Improving the Security of Cryptographic Protocol Standards

Basin

Cremers

Miyazaki

et al. 2015

IEEE Secur. Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

A Hybrid Analysis for Security Protocols with State

Ramsdell

Dougherty

Guttman

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Cryptographic protocols rely on message-passing to coordinate activity among principals. Many richly developed tools, based on wellunderstood foundations, are available for the design and analysis of pure message-passing protocols. However, in many protocols, a principal uses non-local, mutable state to coordinate its local sessions. Cross-session state poses difficulties for protocol analysis tools.We provide a framework for modeling stateful protocols, and a hybrid analysis method. We leverage theorem-proving-specifically, PVS-for reasoning about computations over state. An "enrich-byneed" approach-embodied by CPSA-focuses on the message-passing part. The Envelope Protocol, due to Mark Ryan furnishes a case study.Protocol analysis is largely about message-passing in a model in which every message transmitted is made available to the adversary. The adversary can deliver the messages transmitted by the regular (i.e. compliant) principals, if desired, or not. The adversary can also retain them indefinitely, so that in the future he can deliver them, or messages built from them, repeatedly.However, some protocols also interact with long-term state.

show abstract

Efficient construction of machine-checked symbolic protocol security proofs

Cited by 11 publications

References 39 publications

Provably repairing the ISO/IEC 9798 standard for entity authentication1

Provably repairing the ISO/IEC 9798 standard for entity authentication1

Improving the Security of Cryptographic Protocol Standards

A Hybrid Analysis for Security Protocols with State

Contact Info

Product

Resources

About