Abstract
We present a new technique for verifying authenticity in cryptographic protocols. This technique is fully automatic, can handle an unbounded number of sessions of the protocol, and is efficient in practice. It significantly extends a previous technique for the verification of secrecy. The protocol is represented in an extension of the pi calculus with fairly arbitrary cryptographic primitives. This protocol representation includes the authentication specification to be verified, but no other annotation. Our technique has been proved correct, implemented, and tested on various protocols from the literature. The experimental results show that we can verify these protocols in less than 1 s.
This work was supported in part by the RTD project IST-1999-20527 DAEDALUS of the European IST FP5 programme.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blanchet, B. (2002). From Secrecy to Authenticity in Security Protocols. In: Hermenegildo, M.V., Puebla, G. (eds) Static Analysis. SAS 2002. Lecture Notes in Computer Science, vol 2477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45789-5_25
DOI: https://doi.org/10.1007/3-540-45789-5_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44235-6
Online ISBN: 978-3-540-45789-3
eBook Packages: Springer Book Archive