Protocol Composition Logic (PCL)

Datta, Anupam; Derek, Ante; Mitchell, John C.

doi:10.1016/j.entcs.2007.02.012

Cited by 155 publications

(108 citation statements)

References 50 publications

Supporting

Mentioning

106

Contrasting

Order By: Relevance

“…For a summary of the proof system and the proof of soundness of the axioms and the rules, we refer the reader to [9,38,19]. Most protocol proofs use formulas of the form θ[P ] X φ, which means that starting from a state where formula θ is true, after actions P are executed by the thread X, the formula φ is true in the resulting state.…”

Section: Overview Of Proof Methodsmentioning

confidence: 99%

“…As a model checker, Murϕ is well suited for finding flaws but is insufficient to prove the correctness of a protocol. So to compliment Murϕ we use Protocol Composition Logic (PCL) [9] as a proof tool. Murϕ was useful in detecting some of the problems with the protocol specification as we first encountered it, while PCL was useful for proving that the fixes we suggested, and which were subsequently adopted, are correct.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of EAP-GPSK Authentication Protocol

Mitchell

Rowe

Scedrov

2008

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

Abstract. The EAP-GPSK protocol is a lightweight, flexible authentication protocol relying on symmetric key cryptography. It is part of an ongoing IETF process to develop authentication methods for the EAP framework. We analyze the protocol and find three weaknesses: a repairable Denial-of-Service attack, an anomaly with the key derivation function used to create a short-term master session key, and a ciphersuite downgrading attack. We propose fixes to these anomalies, and use a finite-state verification tool to search for remaining problems after making these repairs. We then prove the fixed version correct using a protocol verification logic. We discussed the attacks and our suggested fixes with the authors of the specification document which has subsequently been modified to include our proposed changes.

show abstract

Section: Overview Of Proof Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Analysis of EAP-GPSK Authentication Protocol

Mitchell

Rowe

Scedrov

2008

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…This is however pathologic, and is a consequence of ignoring the fact that k 1 , if created by the adversary, cannot correlate with n 1 , which was not yet sent around. Furthermore, this seems to contradict their axiom (which though does not appear in their computational PCL papers) saying that FirstSend(X, t, t ′ ) ∧ a(Y, t ′′ ) → Send(X, t ′ ) < a(Y, t ′′ ) where X ̸ = Y and t subterm of t ′′ (meaning in our case that the first send action of A sending N had to occur before B could do anything with N ) in Section 4.7 of [14]. This problem persists even if such a coincidence cannot be efficiently computed.…”

Section: Our Semantics and Computational Pclmentioning

confidence: 99%

Computational Semantics for First-Order Logical Analysis of Cryptographic Protocols

Bana

Hasebe

Okada

2009

Formal to Practical Security

View full text Add to dashboard Cite

Abstract. This paper is concerned about relating formal and computational models of cryptography in case of active adversaries when formal security analysis is done with first order logic As opposed to earlier treatments, we introduce a new, fully probabilistic method to assign computational semantics to the syntax. The idea is to make use of the usual mathematical treatment of stochastic processes, hence be able to treat arbitrary probability distributions, non-negligible probability of collision, causal dependence or independence, and so on. We present this via considering a simple example of such a formal model, the Basic Protocol Logic by K. Hasebe and M. Okada [20], but we think the technique is suitable for a wide range of formal methods for protocol correctness proofs. We first review our framework of proof-system, BPL, for proving correctness of authentication protocols, and provide computational semantics. Then we give a full proof of the soundness theorem. We also comment on the differences of our method and that of Computational PCL.

show abstract

“…The analysis of cryptographic protocols [12,29,17,26,14,6,4,15] has been an active area of research. Compared with cryptographic protocols, secure routing protocols have to deal with arbitrary network topologies and the programs of the protocols are more complicated: they may access local storage and commonly include recursive computations.…”

Section: Related Workmentioning

confidence: 99%

A Program Logic for Verifying Secure Routing Protocols

Chen

Jia

et al. 2014

Formal Techniques for Distributed Objects, Components, and Systems

View full text Add to dashboard Cite

Abstract. The Internet, as it stands today, is highly vulnerable to attacks. However, little has been done to understand and verify the formal security guarantees of proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In this paper, we develop a sound program logic for SANDLog-a declarative specification language for secure routing protocols-for verifying properties of these protocols. We prove invariant properties of SANDLog programs that run in an adversarial environment. As a step towards automated verification, we implement a verification condition generator (VCGen) to automatically extract proof obligations. VCGen is integrated into a compiler for SANDLog that can generate executable protocol implementations; and thus, both verification and empirical evaluation of secure routing protocols can be carried out in this unified framework. To validate our framework, we encoded several proposed secure routing mechanisms in SANDLog, verified variants of path authenticity properties by manually discharging the generated verification conditions in Coq, and generated executable code based on SANDLog specification and ran the code in simulation.

show abstract

Protocol Composition Logic (PCL)

Cited by 155 publications

References 50 publications

Analysis of EAP-GPSK Authentication Protocol

Analysis of EAP-GPSK Authentication Protocol

Computational Semantics for First-Order Logical Analysis of Cryptographic Protocols

A Program Logic for Verifying Secure Routing Protocols

Contact Info

Product

Resources

About