@MISC{Bozzano02automatedverification,
    author = {Marco Bozzano and Giorgio Delzanno},
    title = {Automated Verification of Security Protocols},
    year = {2002}
}
Abstract
In this paper we investigate the applicability of a bottom-up evaluation strategy for a first order fragment of linear logic we introduced in [8] for the purposes of automated verification of security protocols. Following [12], we use multi-conclusion clauses to represent the behaviour of agents in a protocol session, and we adopt the Dolev-Yao intruder model and related message and cryptographic assumptions. Also, we use universal quantification to provide a formal, declarative way to express creation of nonces. Our approach is well suited to verify properties which can be specified by means of minimal conditions. Unlike traditional approaches based on model-checking, we can reason about parametric, infinite-state systems, thus we do not pose any limitation on the number of parallel runs of a given protocol. Furthermore, our approach can be used both to find attacks and to prove correctness of protocols. In this paper we apply our method to analyze several classical examples of authentication protocols. Among them we consider the ffgg protocol [35]. This protocol is a challenging case study in that it is free from sequential attacks, whereas it suffers from parallel attacks that occur only when at least two sessions are run in parallel. The other case studies...