Richard A. Kemmerer. Analyzing encryption protocols using formal veri cation techniques. IEEE Journal on Selected Areas in Communications, 7(4):448-457, May 1989.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....protocols have been adapted for establishing the secrecy authenticity of the cryptographic protocols. Approaches can be broadly categorized as follows: 1) State Machine Models [11, 14] 2) Calculus Based Models [1] 3) Methods Based on Belief Logics [5] and (4) Theorem Prover based Methods [8, 3, 16, 4, 19, 9]. 17] provides an annotated bibliography. In the area provably correct systems, there have been quite considerable efforts in the speci cation and veri cation of reactive systems [7] The family of synchronous languages [2] has been well studied for the design and synthesis of provably correct ....

R. Kemmerer, Analyzing encryption protocols using formal veri cation techniques, IEEE J. on Selected Areas in Communications, 7(4), (1989) 448-457.

....A typical cancellation rule is D(E(m) m. This abstraction simplifies proofs of larger protocols considerably, and it gave rise to a large body of literature on analyzing the security of protocols using techniques for formal verification of computer programs (a very partial list of work includes [29, 26, 20, 9, 27, 21, 24, 33, 39, 1]) Since this line of work turned out to be very successful, the interesting question arose whether these abstractions are indeed justified from the view of cryptography, i.e. whether properties proved for the abstractions are still valid for the cryptographic implementation. Abadi et al. ....

R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, 1989.

....of cryptography are used. They are almost always based on the so called Dolev Yao model [10] This model simplifies proofs of larger protocols considerably and gave rise to a large body of literature on analyzing the security of protocols using various techniques for formal verification, e.g. [19, 17, 14, 7, 21, 1]. A prominent example demonstrating the usefulness of the formal methods approach is the work of Lowe [15] where he found a man in the middle attack on the well known Needham Schroeder publickey protocol [20] Lowe later proposed a repaired version of the protocol [16] and used the model checker ....

R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, 1989.

....for the abstract protocol, they also hold for the real protocol. Related work The Dolev Yao model is from [16] Cryptographic definitions of public key encryption and signature schemes were developed in [38, 20, 15, 21] First automated proof tools based on the Dolev Yao model were presented in [30, 28, 24]. Early examples of the large body of work of embedding the Dolev Yao model in standard tools are [1, 27] Simulatability, the basic notion for comparing an abstract and a real system, was first invented for multi party function evaluation [37, 19, 7, 29, 9] i.e. systems with only one initial ....

R. Kemmerer. Analyzing encryption protocols using formal verfication techniques. IEEE Journal on Selected Areas in Communications, 7(4):448 457, 1989.

....are both consistent and they have both been useful, but they come from two mostly separate communities and they are quite di#erent. In one of them, cryptographic operations are seen as functions on a space of symbolic (formal) expressions; their security properties are also modeled formally (e.g. [5, 13, 16 18, 28 30, 32, 34 37, 41]) In the other, cryptographic operations are seen as functions on strings of bits; their security properties are defined in terms of the probability and computational complexity of successful attacks (e.g. 7 9, 11, 22 26, 44] There is an uncomfortable gap between these two views. In ....

....Thus, the idealized security properties of encryption are modeled (rather than defined) They are built into the model of computation on expressions. This body of literature starts with the work of Dolev and Yao [17] DeMillo, Lynch, and Merritt [15] Millen, Clark, and Freedman [35] Kemmerer [30], Burrows, Abadi, and Needham [13] and Meadows [34] It includes many di#erent agendas and approaches, with a variety of techniques from the fields of rewriting, modal logic, process algebra, and others. Over the years, it has been used in the design of protocols, it has helped develop confidence ....

Richard A. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, May 1989.

....used for I O automata differ greatly from the usual process algebraic notations and methods; notably, work based on I O automata uses explicit, structured representations of automaton states. Many researchers have stated and proved invariant assertions for security protocols (see, for example, [19, 36, 33, 30]) On the other hand, simulation relations have not been used much in prior work on reasoning about security protocols. An example of work using simulation relation ideas is the work on safe simplifying transformations by Hui and Lowe [18] Also, Abadi and co workers have used simulation ....

....value resulting from applying an easy function (one in EN C ) to values in has may be added to has . We restrict the reveal(u) output so that u 2 has , that is, Eve can only report a value that it has . Similar treatments of known information appear elsewhere in the literature, for example, in [12, 19, 28, 27]. Eve(C; P; A) eavesdrop(u) p;q;a , u 2 set C , p; q 2 P , p 6= q, a 2 A learn(u)a , u 2 set C , a 2 A reveal (u)a , u 2 set C , a 2 A compute(u; f)a , f 2 EN C , a 2 A has set C , initially ; u 2 has compute(u; f)a fu1 ; ukg s:has u = f(u1 ; uk ) ....

Richard A. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, May 1989.

....complex problem and has gained much interest among scientists in recent years. It is difficult to handle these problems without some sort of formal or semiformal approach. For that reason, several methods for formal design and analysis of security architectures have recently been introduced, e.g. [4, 11, 5]. These methods use formal notations, which are usually based on first order predicate calculus and a proof theory. The drawback of most methods known in the literature is that they are all concerned with analysis of protocols after these have already been designed and not during the process of ....

Kemmerer R. A., Analyzing Encryption Protocols Using Formal Verification Techniques, IEEE Journal on Selected Areas in Communications, Vol. 7, No. 4, May 1989.

....E Mail: teshrim ucdavis.edu 1 on strings at all. Instead, typically, they see encryption as a formal symbol, the properties of which are modeled (not de ned) by the manner in which this formal symbol may be manipulated. There are many such formal views towards cryptography; see, for example, [9, 17, 12, 6, 16, 15, 18, 2]. Building bridges. Quite recently, some work has emerged which starts to bridge the computational view and the formal one. Lincoln, Mitchell, Mitchell and Scedrov [14] develop a formal model that blends in computational aspects. P tzmann, Schunter and Waidner [19] and then P tzmann and Waidner ....

Richard A. Kemmerer. Analyzing encryption protocols using formal verication techniques. IEEE Journal on Selected Areas in Communications, 7(4):448-457, May 1989.

....of relying on well defined and largely used techniques. For example, formal verification can be done using theorem provers or simplifiers for standard logics which may take advantage of all research in the area of automatic or assisted proving. The main approaches are the approach of Kemmerer [16] based on the formal specification language Ina Jo, the approach of Chen and Glicor [11] also based on the Ina Jo specification language, but using the BAN logic [9] to model belief, Bieber s approach [6] based on the for mal specification language B [2] and finally the approach of Meadows [19, ....

....section we compare the proposed approach with formal method based approaches and modal logic based approaches. Among formal method based approaches some use proof based techniques. This is the case with the proposed approach. A good representative of this kind of approaches is Kemmerer s approach [16]. First general authentication properties which cannot be expressed as simple invariant properties, cannot be handled using Kemmerer s approach. Another significant difference comes from the fact that no specific modeling and axiomatization of the intruder knowledge is used. This is indeed a ....

R.A. Kemmerer. Analyzing encryption protocols using formal verification techniques. In IEEE Journal on Selected Areas in Communications, volume 7(4), 1989.

No context found.

Richard A. Kemmerer. Analyzing encryption protocols using formal veri cation techniques. IEEE Journal on Selected Areas in Communications, 7(4):448-457, May 1989.

No context found.

R. A. Kemmerer, "Analyzing Encryption Protocols using Formal Verification Techniques", IEEE Journal on Selected Areas in Communications, 7(4):448457, 1989.

No context found.

R. A. Kemmerer, "Analyzing Encryption Protocols using Formal Verification Techniques", IEEE Journal on Selected Areas in Communications, 7(4):448-457, 1989.

No context found.

R. A. Kemmerer, "Analyzing Encryption Protocols using Formal Verification Techniques", IEEE J. on Selected Areas in Communications, 7(4):448-457, 1989.

No context found.

R. A. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7, 1989.

No context found.

R.A. Kemmerer, Analyzing Encryption Protocols Using Formal Verification Techniques. IEEE J. Selected Areas in Comm, 7(4), 1989, 448-457.

No context found.

R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, 1989.

No context found.

R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, 1989.

No context found.

R. A. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7, 1989.

No context found.

R. A. Kemmerer, "Analyzing Encryption Protocols using Formal Verification Techniques", IEEE J. on Selected Areas in Communications, 7(4):448-457, 1989.

No context found.

R. A. Kemmerer, "Analyzing Encryption Protocols using Formal Verification Techniques", IEEE Journal on Selected Areas in Communications, 7(4):448457, 1989.

No context found.

R. A. Kemmerer, "Analyzing Encryption Protocols using Formal Verification Techniques", IEEE Journal on Selected Areas in Communications, 7(4):448-457, 1989.

No context found.

R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448--457, 1989.

No context found.

R. A. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7. 1989.

No context found.

R. A. Kemmerer, Analyzing Encryption Protocols Using Formal Veri#cation Techniques, IEEE Journal on SelectedAreas in Communications. Vol.7, No.4 #May 1989

No context found.

Kemmerer, Richard A., "Analyzing Encryption Protocols Using Formal Verification Techniques", IEEE Journal on Selected Areas in Communication, Volume 7, Number 4, May 1989, pp. 448-457.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC