S. Brackin. Evaluating and improving protocol analysis by automatic proof. In Proceedings of the 11th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, June 1998.
....interest in them has waned somewhat as state exploration systems have improved. However, they have an advantage in that they are usually decidable and often even efficiently computable, and thus can be completely automated, as has been shown by Brackin's Automated Authentication Protocol Analyzer [10]. More recently, research has focused on state exploration tools and theorem proving techniques based on the Dolev-Yao model, much of it sparked by Lowe's demonstration that it was possible to use a general-purpose model checker, FDR, to find a man-in-the-middle attack on the Needham-Schroeder ....
....best now is the analysis of straight-line key distribution and authentication protocols, in which the lowest level of abstraction used is a black box model of a cryptographic algorithm. For these types of protocols there now exist belief logic tools that can provide a totally automated analysis [10]. On a somewhat deeper level there are a number of state-based analysis tools that can do a more thorough analysis with minimal input from the user. High-level languages like CAPSL [57] also make it easy to specify these protocols in a way usable by the tools. In an earlier version of this paper ....
S. Brackin. Evaluating and improving protocol analysis by automatic proof. In Proceedings of the 11th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, June 1998.
....way for design rules to synergize with protocol logics is to build design checks directly into the logic. Brackin did precisely that in [Bra00]: he designed the logic BGNY [Bra96] based on GNY. He later developed an associated automated HOL tool, AAPA (Automated Authentication Protocol Analyzer) [Bra98] and a specification language similar to Millen's CAPSL [DM00,Mil]. The resulting system appears to be easy to use. Brackin has analyzed the entire Clark-Jacob library 11 using AAPA. He has also analyzed large commercial protocols such as the Cybercash main sequence protocol [Bra97]. This alone ....
Stephen H. Brackin. Evaluating and improving protocol analysis by automatic proof. In 11th IEEE Computer Security Foundations Workshop, pages 138-152. IEEE CS Press, 1998.
....interest in them has waned somewhat as state exploration systems have improved. However, they have an advantage in that they are usually decidable and often even efficiently computable, and thus can be completely automated, as has been shown by Brackin's Automated Authentication Protocol Analyzer [3]. More recently, research has focused on state exploration tools and theorem proving techniques based on the Dolev-Yao model, much of it sparked by Lowe's demonstration that it was possible to use a general-purpose model checker, FDR, to find a man-in-the-middle attack on the Needham-Schroeder ....
....what we do best now is the analysis of straight-line key distribution and authentication protocols, in which the lowest level of abstraction used is a black box model of a cryptosystem. For these types of protocols there now exist belief logic tools that can provide a totally automated analysis [3]. On a somewhat deeper level there are a number of state-based analysis tools that can do a more thorough analysis with minimal input from the user. High-level languages like CAPSL [35] also make it easy to specify these protocols in a way usable by the tools. We have noted, of course, that the ....
S. Brackin. Evaluating and improving protocol analysis by automatic proof. In Proceedings of the 11th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, June 1998.
....with the size of the protocol making it possible for the AAPA to quickly analyse large and complicated protocols. A creditable performance to evaluate the results of AAPA includes the analysis of fifty-two protocols from A Survey of Authentication Protocol Literature by Clark and Jacob [79]. This is a continually updated library of protocols analysed in the protocol failure literature. As mentioned before, the time for protocol analysis proved to be quite brief; an experienced user needed eighty working hours to model and analyse fifty-two protocols. However, AAPA misses some ....
Brackin S., Evaluating and Improving Protocol Analysis by Automatic Proof, Proceedings of the IEEE Computer Security Foundations Workshop XI, (1998) 138-152, IEEE Press
....In recent years, model checking has proved to be a very successful way for analyzing security protocols. In this paper we describe the application of model checking techniques to Clark and Jacob's library of security protocols [3]. This library has been the subject of a previous study [2], with which we can compare our results. We have used FDR, a model checker for the process algebra CSP [9] for the analysis. The CSP descriptions of the protocols were prepared using Casper [7], a compiler that produces the CSP from a more concise description. The ease of our techniques is ....
....and to find new attacks. Of the 50 protocols in the library, we were able to analyze all but one. We found attacks on 20 of the 25 previously known to be insecure. Further, we found attacks upon ten protocols reported as secure, and six new attacks upon protocols reported to be flawed in [3, 2]. The main contributions of this paper are: • A tutorial on the Casper/FDR approach to analyzing security protocols; • A study of how well these techniques can be applied to a large collection of protocols, together with an identification of a few shortcomings; • Identification of a few ....
[Article contains additional citation context not shown here]
S. H. Brackin. Evaluating and improving protocol analysis by automatic proof. In Proceedings of the 11th IEEE Computer Security Foundations Workshop, 1998.