Filters








172 Hits in 6.9 sec

Decidable Inductive Invariants for Verification of Cryptographic Protocols with Unbounded Sessions [article]

Emanuele D'Osualdo, Felix Stutz
2020 arXiv   pre-print
We develop a theory of decidable inductive invariants for an infinite-state variant of the Applied pi-calculus, with applications to automatic verification of stateful cryptographic protocols with unbounded  ...  Since the problem is undecidable in general, we introduce depth-bounded protocols, a strict generalisation of a class from the literature, for which our decidable analysis is sound and complete.  ...  Acknowledgements We would like to thank Alwen Tiu, Roland Meyer and Véronique Cortier for the useful feedback.  ... 
arXiv:1911.05430v2 fatcat:qjafaoupizeu5ioorgvdxfwsne

Decidable Inductive Invariants for Verification of Cryptographic Protocols with Unbounded Sessions

Emanuele D'Osualdo, Felix Stutz, Igor Konnov, Laura Kovács
2020 International Conference on Concurrency Theory  
We develop a theory of decidable inductive invariants for an infinite-state variant of the Applied πcalc, with applications to automatic verification of stateful cryptographic protocols with unbounded  ...  Since the problem is undecidable in general, we introduce depth-bounded protocols, a strict generalisation of a class from the literature, for which our decidable analysis is sound and complete.  ...  Acknowledgements We would like to thank Alwen Tiu, Roland Meyer and Véronique Cortier for the useful feedback.  ... 
doi:10.4230/lipics.concur.2020.31 dblp:conf/concur/DOsualdoS20 fatcat:7fznao3pvnemxmylldz6uam6wm

Automatic Verification of Time Sensitive Cryptographic Protocols [chapter]

Giorgio Delzanno, Pierre Ganty
2004 Lecture Notes in Computer Science  
Our verification approach is based on data structures for symbolically representing sets of configurations of an arbitrary number of parallel protocol sessions.  ...  We investigate the applicability of symbolic exploration to the automatic verification of secrecy and authentication properties for time sensitive cryptographic protocols.  ...  One reason for the use of this abstraction is that all known decidability results for verification of crypto-protocols are given for untimed models (see e.g. [14, 18] ).  ... 
doi:10.1007/978-3-540-24730-2_27 fatcat:osg6bi2lnvdv7hlkittje4rm4u

A symbolic framework for multi-faceted security protocol analysis

Andrea Bracciali, Gianluigi Ferrari, Emilio Tuosto
2007 International Journal of Information Security  
Verification of software systems, and security protocol analysis as a particular case, requires frameworks that are expressive, so as to properly capture the relevant aspects of the system and its properties  ...  Additionally, security protocols also present hidden assumptions about the context, specific subtleties due to the nature of the problem and sources of complexity that tend to make verification incomplete  ...  Acknowledgements The authors wish to thank the anonymous referees for their helpful suggestions.  ... 
doi:10.1007/s10207-007-0043-9 fatcat:ihm7rmm4j5fxdjz3smymzbqcy4

Pattern-based abstraction for verifying secrecy in protocols

L. Bozga, Y. Lakhnech, M. Périn
2005 International Journal on Software Tools for Technology Transfer (STTT)  
We present a method based on abstract interpretation for verifying secrecy properties of cryptographic protocols.  ...  Our method allows one to verify secrecy properties in a general model allowing an unbounded number of sessions, an unbounded number of principals, and an unbounded size of messages.  ...  The main contribution of the paper is a verification algorithm that consists of computing an inductive invariant using super as symbolic representation.  ... 
doi:10.1007/s10009-005-0189-6 fatcat:pncsyk2tu5cthfkukrwidxkmha

Pattern-Based Abstraction for Verifying Secrecy in Protocols [chapter]

Liana Bozga, Yassine Lakhnech, Michael Périn
2003 Lecture Notes in Computer Science  
We present a method based on abstract interpretation for verifying secrecy properties of cryptographic protocols.  ...  Our method allows one to verify secrecy properties in a general model allowing an unbounded number of sessions, an unbounded number of principals, and an unbounded size of messages.  ...  The main contribution of the paper is a verification algorithm that consists of computing an inductive invariant using super as symbolic representation.  ... 
doi:10.1007/3-540-36577-x_22 fatcat:45qe5z4yifd6na73r5pegb5zke

Verification of Cryptographic Protocols: Tagging Enforces Termination [chapter]

Bruno Blanchet, Andreas Podelski
2003 Lecture Notes in Computer Science  
We investigate a resolution-based verification method for secrecy and authentication properties of cryptographic protocols.  ...  In this paper, we generalize the experimental evidence: we prove that the verification method always terminates for tagged protocols.  ...  . • It can verify protocols with an unbounded number of sessions. • It can easily handle a variety of cryptographic primitives, including shared-and publickey cryptography (encryption and signatures),  ... 
doi:10.1007/3-540-36576-1_9 fatcat:ofdaawic5bfddnt23k23x26boy

Verification of cryptographic protocols: tagging enforces termination

Bruno Blanchet, Andreas Podelski
2005 Theoretical Computer Science  
We investigate a resolution-based verification method for secrecy and authentication properties of cryptographic protocols.  ...  In this paper, we generalize the experimental evidence: we prove that the verification method always terminates for tagged protocols.  ...  . • It can verify protocols with an unbounded number of sessions. • It can easily handle a variety of cryptographic primitives, including shared-and publickey cryptography (encryption and signatures),  ... 
doi:10.1016/j.tcs.2004.10.018 fatcat:mhn44tbzcfe27onml3tn2j2vee

Exploiting Symmetries When Proving Equivalence Properties for Security Protocols

Vincent Cheval, Steve Kremer, Itsaka Rakotonirina
2019 Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19  
Verification of privacy-type properties for cryptographic protocols in an active adversarial environment, modelled as a behavioural equivalence in concurrent-process calculi, exhibits a high computational  ...  While undecidable in general, for some classes of common cryptographic primitives the problem is coNEXP-complete when the number of honest participants is bounded.  ...  The authors wish to thank the anonymous reviewers for their helpful comments.  ... 
doi:10.1145/3319535.3354260 dblp:conf/ccs/ChevalKR19 fatcat:wwssjgfi5zgbpklt6wyvhqgttq

Multihop Node Authentication Mechanisms for Wireless Sensor Networks [chapter]

Ismail Mansour, Damian Rusinek, Gérard Chalhoub, Pascal Lafourcade, Bogdan Ksiezopolski
2014 Lecture Notes in Computer Science  
For each protocol, we provide a formal proof using Scyther to verify the security of our proposals.  ...  Finally, we evaluate the overhead of protection of each solution, using AQoPA tool, by varying the security parameters and studying the effect on execution time overhead of each protocol for several network  ...  This tool can automatically find attacks on cryptographic protocols and prove their security for bounded and unbounded numbers of sessions.  ... 
doi:10.1007/978-3-319-07425-2_30 fatcat:j3mwfgnqpfhv3m6lndwzt5bxpa

Deciding Secrecy of Security Protocols for an Unbounded Number of Sessions: The Case of Depth-Bounded Processes

Emanuele DOsualdo, Luke Ong, Alwen Tiu
2017 2017 IEEE 30th Computer Security Foundations Symposium (CSF)  
We introduce a new class of security protocols with an unbounded number of sessions and unlimited fresh data for which the problem of secrecy is decidable.  ...  This decidable fragment of security protocols captures many real-world symmetric key protocols, including Needham-Schroeder Symmetric Key, Otway-Rees, and Yahalom.  ...  Our Contributions We show that the problem of secrecy is decidable for a class of security protocols with an unbounded number of sessions and unlimited fresh data.  ... 
doi:10.1109/csf.2017.32 dblp:conf/csfw/DOsualdoOT17 fatcat:ele5pktbjndejkztr2qx6opr7u

Continuous Formal Verification of Amazon s2n [chapter]

Andrey Chudnov, Nathan Collins, Byron Cook, Joey Dodds, Brian Huffman, Colm MacCárthaigh, Stephen Magill, Eric Mertens, Eric Mullen, Serdar Tasiran, Aaron Tomb, Eddy Westbrook
2018 Lecture Notes in Computer Science  
We describe formal verification of s2n, the open source TLS implementation used in numerous Amazon services.  ...  At each change to the code, proofs are automatically re-established with little to no interaction from the developers.  ...  Server decides to renew a session ticket ,sendCertificateStatus : Bit // Server decides to send the certificate // status message ,requestClientCert : Bit // Server requests a cert from the client  ... 
doi:10.1007/978-3-319-96142-2_26 fatcat:tefiqbkw7rdj7b23utmxg2uwia

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

Bruno Blanchet
2016 Foundations and Trends® in Privacy and Security  
It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions.  ...  It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography.  ...  I would like to thank them for their contributions. I also thank Ben Smyth for helpful comments on a draft of this survey.  ... 
doi:10.1561/3300000004 fatcat:wgxw7fkdk5a4xohw2jhtfdxgya

A symbolic decision procedure for cryptographic protocols with time stamps

Liana Bozga, Cristian Ene, Yassine Lakhnech
2005 The Journal of Logic and Algebraic Programming  
We present a symbolic decision procedure for time-sensitive cryptographic protocols.  ...  Our approach is based on a logic representation of sets of configurations that combines a decidable logic with time constraints.  ...  It is well-known that the verification problem of unbounded cryptographic protocols is undecidable in the untimed case, and hence, it is so for the timed case.  ... 
doi:10.1016/j.jlap.2004.09.007 fatcat:mrx7b4x2szbyjnlmqbjwadndk4

A Symbolic Decision Procedure for Cryptographic Protocols with Time Stamps [chapter]

Liana Bozga, Cristian Ene, Yassine Lakhnech
2004 Lecture Notes in Computer Science  
We present a symbolic decision procedure for time-sensitive cryptographic protocols.  ...  Our approach is based on a logic representation of sets of configurations that combines a decidable logic with time constraints.  ...  It is well-known that the verification problem of unbounded cryptographic protocols is undecidable in the untimed case, and hence, it is so for the timed case.  ... 
doi:10.1007/978-3-540-28644-8_12 fatcat:aaqrrq65mvgj3co2xbmsak3al4
« Previous Showing results 1 — 15 out of 172 results