Skip to main content
SpringerLink
Log in
Book cover

International Static Analysis Symposium

SAS 2003: Static Analysis pp 316–335Cite as

Computer-Assisted Verification of a Protocol for Certified Email

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2694))

Abstract

We present the formalization and verification of a recent cryptographic protocol for certified email. Relying on a tool for automatic protocol analysis, we establish the key security properties of the protocol. This case study explores the use of general correspondence assertions in automatic proofs, and aims to demonstrate the considerable power of the tool and its applicability to non-trivial, interesting protocols.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. In 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’02), pages 33–44, Portland, OR, Jan. 2002. ACM Press.

    Google Scholar 

  2. M. Abadi, N. Glew, B. Horne, and B. Pinkas. Certified email with a light on-line trusted third party: Design and implementation. In 11th International World Wide Web Conference (WWW’02), Honolulu, Hawaii, USA, May 2002. ACM Press.

    Google Scholar 

  3. G. Bella, F. Massacci, and L. C. Paulson. The verification of an industrial payment protocol: The SET purchase phase. In V. Atluri, editor, 9th ACM Conference on Computer and Communications Security (CCS’02), pages 12–20, Washington, DC, Nov. 2002. ACM Press.

    Google Scholar 

  4. G. Bella and L. C. Paulson. Using Isabelle to prove properties of the Kerberos authentication system. In DIMACS Workshop on Design and Formal Verification of Security Protocols, Piscataway, NJ, Sept. 1997.

    Google Scholar 

  5. G. Bella and L. C. Paulson. Kerberos version IV: inductive analysis of the secrecy goals. In J.-J. Quisquater et al., editors, Computer Security-ESORICS 98, volume 1485 of Lecture Notes in Computer Science, pages 361–375, Louvain-la-Neuve, Belgium, Sept. 1998. Springer Verlag.

    Chapter  Google Scholar 

  6. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82–96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.

    Google Scholar 

  7. B. Blanchet. From secrecy to authenticity in security protocols. In M. Hermenegildo and G. Puebla, editors, 9th International Static Analysis Symposium (SAS’02), volume 2477 of Lecture Notes in Computer Science, pages 342–359, Madrid, Spain, Sept. 2002. Springer Verlag.

    Google Scholar 

  8. A. Gordon and A. Jeffrey. Authenticity by typing for security protocols. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 145–159, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.

    Google Scholar 

  9. A. Gordon and A. Jeffrey. Types and effects for asymmetric cryptographic protocols. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), pages 77–91, Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.

    Google Scholar 

  10. H. Krawczyk. SKEME: A versatile secure key exchange mechanism for internet. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security (NDSS’96), San Diego, CA, Feb. 1996. Available at http://bilbo.isu.edu/sndss/sndss96.html.

    Google Scholar 

  11. S. Kremer and J.-F. Raskin. Game analysis of abuse-free contract signing. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), pages 206–222, Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.

    Google Scholar 

  12. C. Meadows. Analysis of the Internet Key Exchange protocol using the NRL protocol analyzer. In IEEE Symposium on Security and Privacy, pages 216–231, Oakland, CA, May 1999. IEEE Computer Society.

    Google Scholar 

  13. J. C. Mitchell, V. Shmatikov, and U. Stern. Finite-state analysis of SSL 3.0. In 7th USENIX Security Symposium, pages 201–216, San Antonio, TX, Jan. 1998.

    Google Scholar 

  14. L. C. Paulson. Inductive analysis of the Internet protocol TLS. ACM Transactions on Information and System Security, 2(3):332–351, Aug. 1999.

    Article  Google Scholar 

  15. S. Schneider. Formal analysis of a non-repudiation protocol. In 11th IEEE Computer Security Foundations Workshop (CSFW-11), pages 54–65, Rockport, Massachusetts, June 1998. IEEE Computer Society.

    Google Scholar 

  16. V. Shmatikov and J. C. Mitchell. Finite-state analysis of two contract signing protocols. Theoretical Computer Science, 283(2):419–450, June 2002.

    Article  MATH  MathSciNet  Google Scholar 

  17. T. Y. C. Woo and S. S. Lam. A semantic model for authentication protocols. In 1993 IEEE Symposium on Research on Security and Privacy, pages 178–194, Oakland, CA, 1993. IEEE Computer Society.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, University of California, Santa Cruz

    Martín Abadi

  2. Département d’Informatique, École Normale Supérieure, Paris and Max-Planck-Institut für Informatik, Saarbrücken

    Bruno Blanchet

Authors
  1. Martín Abadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bruno Blanchet
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. École Polytechnique, STIX, 91128, Palaiseau cedex, France

    Radhia Cousot

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abadi, M., Blanchet, B. (2003). Computer-Assisted Verification of a Protocol for Certified Email. In: Cousot, R. (eds) Static Analysis. SAS 2003. Lecture Notes in Computer Science, vol 2694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44898-5_17

Download citation

  • DOI: https://doi.org/10.1007/3-540-44898-5_17

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40325-8

  • Online ISBN: 978-3-540-44898-3

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation