Filters








28,023 Hits in 3.4 sec

Proving properties of security protocols by induction

L.C. Paulson
Proceedings 10th Computer Security Foundations Workshop  
Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous.  ...  Protocols are inductively defined as sets of traces, which may involve many interleaved protocol runs. Protocol descriptions model accidental key losses as well as attacks.  ...  In contrast, inductive verification of protocols involves long and highly detailed proofs. Each safety property is proved by induction over the protocol.  ... 
doi:10.1109/csfw.1997.596788 dblp:conf/csfw/Paulson97 fatcat:6wvuziqupvffpljcpxenpg4pnm

Verification of DNSsec Delegation Signatures

Florian Kammuller
2014 2014 21st International Conference on Telecommunications (ICT)  
Relying on the inductive approach to security protocol verification, this formal analysis provides a more expressive representation than the widely accepted model checking analysis.  ...  In this paper, we present a formal model for the verification of the DNSsec Protocol in the interactive theorem prover Isabelle/HOL.  ...  PROVED PROPERTIES To build up some infrastructure for proving the security of DS_auth with the inductive definition, we prove some characteristic lemmas, before we show authenticity of DS in lemma server_response_publik_key_is_authentic  ... 
doi:10.1109/ict.2014.6845127 dblp:conf/ict/Kammuller14 fatcat:l6vauefhwngntnehwc6fh6uscm

Formalization in PVS of Balancing Properties Necessary for Proving Security of the Dolev-Yao Cascade Protocol Model

Mauricio Ayala-Rincón, Yuri Santos Rego
2013 Journal of Formalized Reasoning  
In a previous work, assuming that for balanced protocols admissible words produced by a potential intruder should be balanced, a formalization of the characterization of security of this kind of protocols  ...  In this work, the previously assumed property is also formalized, obtaining in this way a complete formalization which mathematically guarantees the security of these protocols.  ...  induction) and application of Lemma 9 in the inductive step.The proof of Lemma 11 is also done by induction.  ... 
doi:10.6092/issn.1972-5787/3720 dblp:journals/jfrea/Ayala-RinconR13 fatcat:qya34le3krbl7kxggbmsgqpz5e

Holistic analysis of mix protocols

Giampaolo Bella, Denis Butin, David Gray
2011 2011 7th International Conference on Information Assurance and Security (IAS)  
of Secure Electronic Transactions (SET).  ...  It bears potential for the analysis of complex protocols constructed by general composition of others.  ...  When proving a security property result about a protocol, we first give it a name, preceded by the command theorem or lemma.  ... 
doi:10.1109/isias.2011.6122843 dblp:conf/IEEEias/BellaBG11 fatcat:gvmrovsek5aqralnijlbtu6ssq

On Adversary Models and Compositional Security

Anupam Datta, Jason Franklin, Deepak Garg, Limin Jia, Dilsun Kaynar
2011 IEEE Security and Privacy  
We describe logic-based methods to reason about security properties of a system as a composition of properties of its components, and several successful applications of the method in explaining and predicting  ...  We present a representative development in the science of security that includes a generic model of computer systems, their security properties and adversaries who actively interfere with such systems.  ...  Proving this property requires induction because, as part of the protocol, the client blindly forwards an incoming message to the TGS.  ... 
doi:10.1109/msp.2010.203 fatcat:ailuix65hfhhlk65daqyhcdxve

Automated Reasoning for Security Protocol Analysis

Alessandro Armando, David Basin, Jorge Cuellar, Michaël Rusinowitch, Luca Viganò
2005 Journal of automated reasoning  
of protocols proposed by a consortium of credit card companies and software corporations to secure ecommerce transactions).  ...  Moreover, there has been another wave of progress in foundations for analyzing protocols and their properties by applying nonclassical logics, such as epistemic and belief logics.  ...  The starting point of the paper Attacking Group Protocols by Refuting Incorrect Inductive Conjectures, by Steel and Bundy, is the observation that automated tools for finding attacks on flawed security  ... 
doi:10.1007/s10817-005-9014-x fatcat:pfbxgpnoovcf5o34bucygwedxm

Modeling and Verifying Physical Properties of Security Protocols for Wireless Networks

Patrick Schaller, Benedikt Schmidt, David Basin, Srdjan Capkun
2009 2009 22nd IEEE Computer Security Foundations Symposium  
Our model extends standard, inductive, trace-based, symbolic approaches with a formalization of physical properties of the environment, namely communication, location, and time.  ...  This is understandable: the Dolev-Yao model was developed for classical security protocols, whose correctness is independent of the details of the physical environment.  ...  Security properties of the protocol are then proved by induction using the inherited protocol-independent facts.Most of our formalization consists of general results applicable to arbitrary protocols.  ... 
doi:10.1109/csf.2009.6 dblp:conf/csfw/SchallerSBC09 fatcat:th6expx4mndjfpadw552evd4xe

Attacking Group Protocols by Refuting Incorrect Inductive Conjectures

Graham Steel, Alan Bundy
2005 Journal of automated reasoning  
By posing inductive conjectures about the trace of messages exchanged, we can investigate novel properties of the protocol, such as tolerance to disruption, and whether it results in agreement on a single  ...  In this paper, we describe Coral, our system for finding security protocol attacks by refuting incorrect inductive conjectures. We have used Coral to model a group key protocol in a general way.  ...  Security properties can be proved by induction on traces, using the mechanized theorem prover Isabelle/HOL, [26] .  ... 
doi:10.1007/s10817-005-9016-8 fatcat:horv5rbuqvhg7khu4d5d3r54w4

Attacking a Protocol for Group Key Agreement by Refuting Incorrect Inductive Conjectures [chapter]

Graham Steel, Alan Bundy, Monika Maidl
2004 Lecture Notes in Computer Science  
By posing inductive conjectures about the trace of messages exchanged, we can investigate novel properties of the protocol, such as tolerance to disruption, and whether it results in agreement on a single  ...  In this paper, we describe Coral, our system for finding security protocol attacks by refuting incorrect inductive conjectures. We have used Coral to model a group key protocol in a general way.  ...  Security properties can be proved by induction on traces, using the mechanized theorem prover Isabelle/HOL, [26] .  ... 
doi:10.1007/978-3-540-25984-8_8 fatcat:n2mxlvga4jhgvhxlt5gcmytezi

Inductive analysis of the Internet protocol TLS

Lawrence C. Paulson
1999 ACM Transactions on Privacy and Security  
Internet browsers use security protocols to protect sensitive messages. An inductive analysis of TLS (a descendant of SSL 3.0) has been performed using the theorem prover Isabelle.  ...  All the obvious security goals can be proved; session resumption appears to be secure even if old session keys have been compromised. The proofs suggest minor changes to simplify the analysis.  ...  It continues by presenting the Isabelle formalization of TLS (Section 4) and outlining some of the properties proved (Section 5).  ... 
doi:10.1145/322510.322530 fatcat:f5ej5t6tdnabjcyuk3zwgr45va

Verifying security protocols by knowledge analysis

Xiaoqi Ma, Xiaochun Cheng
2008 International Journal of Security and Networks (IJSN)  
As an example, the paper finds the flaw in the Needham-Schroeder public key authentication protocol and proves the secure properties and guarantees of the protocol with Lowe's fix to show the effectiveness  ...  The implementation of the method in a generic theorem proving environment, namely Isabelle, makes the verification of protocols mechanical and efficient; it can verify a medium-sized security protocol  ...  ACKNOWLEDGMENT Our research has been supported by EC, EPSRC, the National Natural Science Foundation of China, and Hong Kong K C Wong Education Foundation.  ... 
doi:10.1504/ijsn.2008.020092 fatcat:persfayq4zbfdcwfrz2kvwds2u

Let's Get Physical: Models and Methods for Real-World Security Protocols [chapter]

David Basin, Srdjan Capkun, Patrick Schaller, Benedikt Schmidt
2009 Lecture Notes in Computer Science  
Traditional security protocols are mainly concerned with key establishment and principal authentication and rely on predistributed keys and properties of cryptographic operators.  ...  In contrast, new application areas are emerging that establish and rely on properties of the physical world. Examples include protocols for secure localization, distance bounding, and device pairing.  ...  Security Proofs based on Properties of F In order to prove security properties of an instance of the protocol pattern, we show how security properties of the protocol can be reduced to properties of F  ... 
doi:10.1007/978-3-642-03359-9_1 fatcat:q2gktyflkfgdhe5kw53nxyrcgu

Relations between secrets: two formal analyses of the Yahalom protocol

Lawrence C. Paulson
2001 Journal of Computer Security  
The Yahalom protocol is one of those analyzed by Burrows et al. [5] . Based upon their analysis, they have proposed modifications to make the protocol easier to understand and to analyze.  ...  They use a fundamentally different formal model: the inductive method. They confirm the BAN analysis and the advantages of the proposed modifications.  ...  Properties are proved by induction over this definition.  ... 
doi:10.3233/jcs-2001-9302 fatcat:3r3vu5cszjafbcbttvqfs2jmr4

Formal Reasoning about Physical Properties of Security Protocols

David Basin, Srdjan Capkun, Patrick Schaller, Benedikt Schmidt
2011 ACM Transactions on Privacy and Security  
Traditional security protocols are mainly concerned with authentication and key establishment and rely on predistributed keys and properties of cryptographic operators.  ...  Our model extends standard, inductive, trace-based, symbolic approaches with a formalization of physical properties of the environment, namely communication, location, and time.  ...  Security properties of the protocol are then proved by induction using the inherited protocol-independent facts.  ... 
doi:10.1145/2019599.2019601 fatcat:yqrntfith5f6hayv5i7iwo5fta

Where Next for Formal Methods? [chapter]

James Heather, Kun Wei
2009 Lecture Notes in Computer Science  
In this paper we propose a novel approach to the analysis of security protocols, using the process algebra CSP to model such protocols and verifying security properties using a combination of the FDR model  ...  Using FDR and PVS together makes for a practical and interesting way to attack problems that would remain out of reach for either tool on its own.  ...  The alternative is the theorem-proving approach, in which a system and its properties are described by logical formulae, and the formal proof is established by proving theorems that state that such properties  ... 
doi:10.1007/978-3-642-04904-0_9 fatcat:2twz4hrxq5avfekwoqymtlhkp4
« Previous Showing results 1 — 15 out of 28,023 results