Towards Producing Formally Checkable Security Proofs, Automatically

Goubault-Larrecq, Jean

doi:10.1109/csf.2008.21

Cited by 15 publications

(23 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, our work, which is closer to the first kind of approach, shows that this proof generation procedure does indeed work in practice for many protocols, comparable to the results of [16]. We see the main benefit of our approach in the fact that we can indeed use the output of established verification tools dedicated to the domain of security protocols.…”

Section: Related and Future Workcontrasting

confidence: 42%

“…We see the main benefit of our approach in the fact that we can indeed use the output of established verification tools dedicated to the domain of security protocols. However, note that the work of [16] and ours have some major differences which makes results hard to compare. First, we consider a reference model where the protocol is modeled as a set of traces; the generated proofs are with respect to this reference model and all abstractions are merely part of the automatic tools.…”

Section: Related and Future Workmentioning

confidence: 89%

“…First, we consider a reference model where the protocol is modeled as a set of traces; the generated proofs are with respect to this reference model and all abstractions are merely part of the automatic tools. In contrast, [16] considers only one protocol model based on Horn clauses, close to the abstract model in our paper. Taking the soundness of all these abstractions for granted is a weakness of [16].…”

Section: Related and Future Workmentioning

confidence: 99%

“…The work most closely related to ours is a recent paper by Goubault-Larrecq who similarly considers generating proofs for an interactive theorem prover from the output of automated tools [16]. He considers a setting where the protocol and goal are given as a set S of Horn clauses; the tool output is a set S ∞ of Horn clauses that are in some sense saturated and such that the protocol has an attack iff a contradiction is derivable.…”

Section: Related and Future Workmentioning

confidence: 99%

See 3 more Smart Citations

Integrating Automated and Interactive Protocol Verification

Brucker¹,

Mödersheim

2010

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

Abstract. A number of current automated protocol verification tools are based on abstract interpretation techniques and other over-approximations of the set of reachable states or traces. The protocol models that these tools employ are shaped by the needs of automated verification and require subtle assumptions. Also, a complex verification tool may suffer from implementation bugs so that in the worst case the tool could accept some incorrect protocols as being correct. These risks of errors are also present, but considerably smaller, when using an LCF-style theorem prover like Isabelle. The interactive security proof, however, requires a lot of expertise and time. We combine the advantages of both worlds by using the representation of the over-approximated search space computed by the automated tools as a "proof idea" in Isabelle. Thus, we devise proof tactics for Isabelle that generate the correctness proof of the protocol from the output of the automated tools. In the worst case, these tactics fail to construct a proof, namely when the representation of the search space is for some reason incorrect. However, when they succeed, the correctness only relies on the basic model and the Isabelle core.

show abstract

Section: Related and Future Workcontrasting

confidence: 42%

Section: Related and Future Workmentioning

confidence: 89%

Section: Related and Future Workmentioning

confidence: 99%

Section: Related and Future Workmentioning

confidence: 99%

See 2 more Smart Citations

Integrating Automated and Interactive Protocol Verification

Brucker¹,

Mödersheim

2010

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

show abstract

“…As a result, sequences of games can sometimes be inferred automatically; yet, at the same time, the connection between CryptoVerif proofs and standard cryptographic proofs is not as strong as one would desire. Finally, CryptoVerif in its current form acts more like a proof engine than a proof checker, and thus does not comply with the objective of verifiable security-see however [17] for preliminary work on certifying successful runs of CryptoVerif. Courant et al [14] have also developed an automated prover for proving asymptotic security of encryption schemes based on one-way functions.…”

Section: Related Workmentioning

confidence: 99%

Beyond Provable Security Verifiable IND-CCA Security of OAEP

Barthe¹,

Grégoire²,

Lakhnech³

et al. 2011

Topics in Cryptology – CT-RSA 2011

View full text Add to dashboard Cite

Abstract. OAEP is a widely used public-key encryption scheme based on trapdoor permutations. Its security proof has been scrutinized and amended repeatedly. Fifteen years after the introduction of OAEP, we present a machine-checked proof of its security against adaptive chosenciphertext attacks under the assumption that the underlying permutation is partial-domain one-way. The proof can be independently verified by running a small and trustworthy proof checker and fixes minor glitches that have subsisted in published proofs. We provide an overview of the proof, highlight the differences with earlier works, and explain in some detail a crucial step in the reduction: the elimination of indirect queries made by the adversary to random oracles via the decryption oracle. We also provide-within the limits of a conference paper-a broader perspective on independently verifiable security proofs.

show abstract

Finite Models in FOL-Based Crypto-Protocol Verification

Jürjens

Weber

2009

Foundations and Applications of Security Analysis

View full text Add to dashboard Cite

Towards Producing Formally Checkable Security Proofs, Automatically

Cited by 15 publications

References 64 publications

Integrating Automated and Interactive Protocol Verification

Integrating Automated and Interactive Protocol Verification

Beyond Provable Security Verifiable IND-CCA Security of OAEP

Finite Models in FOL-Based Crypto-Protocol Verification

Contact Info

Product

Resources

About