Results 1 - 3 of 3
Efficient Construction of Machine-Checked Symbolic Protocol Security Proofs
, 2012
Cited by 6 (3 self)
We embed an untyped security protocol model in the interactive theorem prover Isabelle/HOL and derive a theory for constructing proofs of secrecy and authentication properties. Our theory is based on two key ingredients. The first is an inference rule for enumerating the possible origins of messages known to the intruder. The second is a class of protocol-specific invariants that formalize type assertions about variables in protocol specifications. The resulting theory is well-suited for interactively constructing human-readable, protocol security proofs. We additionally give an algorithm that automatically generates Isabelle/HOL proof scripts based on this theory. We provide case studies showing that both interactive and automatic proof construction are efficient. The resulting proofs provide strong correctness guarantees since all proofs, including those deriving our theory from the security protocol model, are machine-checked.
From absence of certain vulnerabilities towards security proofs
 In New Security Paradigms Workshop
, 2004
Cited by 5 (0 self)
The application of formal methods for rigorously validating cryptographic protocols has been getting increasing attention. The de facto standard for modeling such protocols in formal proof systems is the Dolev-Yao model that, e.g., uses abstract encryption instead of cryptographic encryption primitives. The Dolev-Yao model has been originally intended and successfully used for detecting flaws in many protocols. However, recent publications claim to perform actual proofs of security using this model, i.e., absence of any attack. We doubt this claim and challenge Dolev-Yao-based models as being oversimplified for establishing security proofs against arbitrary attacks. We substantiate our claim by an example protocol. This protocol has been proven secure in a Dolev-Yao-based model using formal methods. In a later publication, the protocol has been broken by describing
Pushing the Limits of Formal Verification
The application of formal methods for rigorously validating cryptographic protocols has been getting increasing attention. The de facto standard for modeling such protocols in formal proof systems is the Dolev-Yao model that, e.g., uses abstract encryption instead of cryptographic encryption primitives. The Dolev-Yao model has been originally intended and successfully used for detecting flaws in many protocols. However, recent publications claim to perform actual proofs of security using this model, i.e., absence of any attack. We doubt this claim and challenge Dolev-Yao-based models as being oversimplified for establishing security proofs against arbitrary attacks. We substantiate our claim by an example protocol. This protocol has been proven secure in a Dolev-Yao-based model using formal methods. In a later publication, the protocol has been broken by describing a cryptographic attack. The attack was not detected in the formal analysis since any Dolev-Yao-based model only comprises a predefined set of adversary capabilities. The particular attack to break the protocol was not comprised. The only reliable long-term remedy is to prove resilience against all attacks (both known and unknown ones). Recent approaches on cryptographic models of security have already made great progress towards this goal. Unfortunately, proofs in these are more complex and harder to automate. On the short run, it therefore is appropriate to improve the quality of formal analysis without striving for complete proofs. This can be achieved by means of evolving a catalog of adversary capabilities. Future formal analysis can then show resilience against any attack in this catalog. We initiate this discussion on an “adversary capability catalog” by providing a cryptographer’s wish list. This list points out several features which approaches based on the Dolev-Yao model or future extensions of it should cover in order to be effective for cryptographic protocol verification.