B. Donovan, P. Norris, and G. Lowe. Analyzing Library of Security Protocols using Casper and FDR. In Proc. of the Workshop on Formal Methods and Security Protocols, 1999. Home/Search Document Details and Download
Summary Related Articles Check |
This paper is cited in the following contexts:
A Bound on Attacks on Authentication Protocols - Stoller (2001) (9 citations) (Correct)
....veri cation. Allowing an unbounded number of concurrent protocol executions makes the number of reachable states unbounded, so automated veri cation using state space exploration is not directly applicable. The case studies in [MCF87, Ros95, HTWW96, DK97, LR97, MMS97, MCJ97, MSS98, Bol98, DNL99] show that state space exploration of authentication protocols and similar cryptographic protocols is feasible when small upper bounds are imposed on the size of messages and the number of protocol executions. However, in most of those case studies, the bounds were not rigorously justi ed, so the ....
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using Casper and FDR. In Proc.
A BRUTUS Logic for a Spi-Calculus Dialect - Gnesi, Latella, Lenzini (Correct)
....that many cryptographic protocols considered secure for years, have been successively proved to be easily breakable. Many researchers have dedicated their efforts to propose new formal frameworks in which security properties of cryptographic protocols can be studied and analyzed (see for example [20, 26, 23, 27, 28, 11, 16]) Within the model checking approaches [7] we remind the studies, oriented to define an effective theoretical framework in [18, 15, 14] and the recent BRUTUS model checker [19] This paper focuses on spi calculus [4] a process algebra derived from the calculus [21, 22] with operators to ....
B. Donovan, P. Norris, and G. Lowe. Analyzing Library of Security Protocols using Casper and FDR. In Proc. of the Workshop on Formal Methods and Security Protocols, 1999.
Experimenting with STA, a tool for automatic analysis of.. - Boreale, Buscemi (Correct)
....nonce) 7 A 4 5 B : O NB QX KB This example is interesting because it exhibits a type dependent flaw. This kind of flaws is normally not detected using traditional finite state techniques, unless the specification is tailored towards finding specific, hence, a priori known bugs (see, e.g. [6]) We analyze two parallel runs of the protocol: A acts as responder and as initiator, respectively, while B acts only as responder. The interaction of S with A and B can be interleaved. This version of the protocol can be specified in STA by modifying the scripts for the previous example. e.g. ....
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using Casper and FDR. In Proc. of Workshop on Formal Methods and Security Protocols, Trento, 1999.
A Bound on Attacks on Payment Protocols - Stoller (2001) (7 citations) (Correct)
....executed corresponding other actions (e.g. a payment gateway approves a charge to customer C s account only if customer C previously authorized that charge) Allowing an unbounded number of concurrent protocol instances makes the number of reachable states unbounded. The case studies in, e.g. [13, 6, 19, 10, 17] show that statespace exploration of security protocols is feasible when small upper bounds are imposed on the size of messages and the number of protocol instances. In most of those case studies, the bounds are not rigorously justified, so the results do not prove correctness of the protocols. ....
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using Casper and FDR. In Proc.
A Bound on Attacks on Payment Protocols - Stoller (2001) (7 citations) (Correct)
....approves a charge to customer C s account only if customer C previously authorized that charge) Allowing an unbounded number of concurrent protocol instances makes the number of reachable states unbounded. The case studies in, e.g. MCF87, Ros95, HTWW96, DK97, LR97, MMS97, MCJ97, MSS98, Bol98, DNL99, MM99] show that state space exploration of security protocols is feasible when small upper bounds are imposed on the size of messages and the number of protocol instances. In most of those case studies, the bounds are not rigorously justi ed, so the results do not prove correctness of the ....
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using Casper and FDR. In Proc.
A Bound on Attacks on Authentication Protocols - Stoller (2000) (9 citations) (Correct)
....to the importance of rigorous veri cation. Allowing an unbounded number of concurrent protocol instances makes the number of reachable states unbounded, so state space exploration is not directly applicable. The case studies in [MCF87, Ros95, HTWW96, DK97, LR97, MMS97, MCJ97, MSS98, Bol98, DNL99] show that state space exploration of authentication protocols and similar cryptographic protocols is feasible when small upper bounds are imposed on the size of messages and the number of protocol instances. However, in most of those case studies, the bounds were not rigorously justi ed, so the ....
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using Casper and FDR. In Workshop on Formal Methods and Security Protocols, July 1999.
A Bound on Attacks on Payment Protocols - Stoller (2000) (7 citations) (Correct)
....that charge) Allowing an unbounded number of concurrent protocol instances makes the number of reachable states unbounded, so automated verification using state space exploration is not directly applicable. The case studies in [MCF87, Ros95, HTWW96, DK97, LR97, MMS97, MCJ97, MSS98, Bol98, DNL99] show that state space exploration of security protocols is feasible when small upper bounds are imposed on the size of messages and the number of protocol instances. However, in most of those case studies, the bounds were not rigorously justified, so the results do not prove correctness of the ....
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using Casper and FDR. In Workshop on Formal Methods and Security Protocols, July 1999.
Looking for Diamonds in the Desert - Extending Automatic.. - Perrig, Song (2000) (6 citations) (Correct)
....of the security properties are more complete than the ones in [SM95] For example, we distinguish between weak key freshness and strong key freshness, while [SM95] does not consider the strong key freshness. In fact, the Yahalom protocol [CJ97] has been proven to have key freshness property by [DNL99]. But actually Athena proved that Yahalom only has the weak key freshness, not the strong key freshness property. 5.3.1 Specification of security properties 1. Authentication between the initiator and the responder If A completes the protocol run with B in a session with N a and N b , then there ....
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using casper and fdr. In Workshop on Formal Methods and Security Protocols, 1999.
A Bound on Attacks on Authentication Protocols - Stoller (1999) (9 citations) (Correct)
....of ONR under Grant N00014 99 1 0358 Email: stoller cs.indiana.edu Web: http: www.cs.indiana.edu stoller Allowing an unbounded number of concurrent protocol instances makes the number of reachable states unbounded, so state space exploration is not directly applicable. The case studies in [MCF87, Ros95, HTWW96, DK97, LR97, MMS97, MCJ97, MSS98, Bol98, DNL99] show that state space exploration of authentication protocols and similar cryptographic protocols is feasible when small upper bounds are imposed on the size of messages and the number of protocol instances. However, in most of those case studies, the bounds were not rigorously justified, so the ....
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using Casper and FDR. In Workshop on Formal Methods and Security Protocols, July 1999.
A Security Analysis of the CLIQUES Protocol Suite - Delicata (2002) (1 citation) Self-citation (Lowe) (Correct)
No context found.
Ben Donovan, Paul Norris, and Gavin Lowe. Analyzing a library of security protocols using Casper and FDR. In Proceedings of the 1999.
Relating Multiset Rewriting and Process - Algebras For Security (Correct)
No context found.
B. Donovan, P. Norris, and G. Lowe. Analyzing Library of Security Protocols using Casper and FDR. In Proc. of the Workshop on Formal Methods and Security Protocols, 1999.
Formal Methods for Security Protocols: Three Examples of.. - Cremers, Mauw, de Vink (Correct)
No context found.
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using Casper and FDR, 1999.
Towards a Metalogic for Security Protocol Analysis.. - Caleiro, Vigano, Basin (Correct)
No context found.
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using Casper and FDR. In Proc. FLOC'99 Workshop on Formal Methods and Security Protocols (FMSP'99), 1999.
Modelling and Security Analysis of Authenticated Group Key.. - Pereira (2003) (4 citations) (Correct)
No context found.
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using casper and FDR. In Proceedings of the Workshop on Formal Methods and Security Protocols, 1999. http://www.mcs.le.ac.uk/~glowe/Security/Papers/ prots.ps.
A formal model of Diffie-Hellman using CSP and rank functions - Delicata, Schneider (2003) (1 citation) (Correct)
No context found.
B. DONOVAN, P. NORRIS, AND G. LOWE, Analyzing a library of security protocols using Casper and FDR, in Proceedings of the 1999.
Formal Methods for Security Protocols: Three Examples of.. - Cremers, Mauw, de Vink (Correct)
No context found.
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using Casper and FDR, 1999.
Formal Methods for Security Protocols: Three Examples of.. - Cremers, Mauw, de Vink (2003) (Correct)
No context found.
B. Donovan, P. Norris, and G. Lowe. Analyzing a library of security protocols using Casper and FDR, 1999.
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC