Proving properties of security protocols by induction

Lawrence Charles Paulson
Proceedings 10th Computer Security Foundations Workshop, published 1997-06-10
DOI: 10.1109/CSFW.1997.596788 (https://doi.org/10.1109/CSFW.1997.596788)
Citations: 305

Abstract

Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction to finite state systems and the approach is not based on belief logics. Protocols are inductively defined as sets of traces, which may involve many interleaved protocol runs. Protocol descriptions model accidental key losses as well as attacks. The model spy can send spoof messages made up of components decrypted from previous traffic. Several key distribution protocols have been studied, including Needham-Schroeder, Yahalom and Otway-Rees. The method applies to both symmetric key and public key protocols. A new attack has been discovered in a variant of Otway-Rees (already broken by W. Mao and C. Boyd (1993)). Assertions concerning secrecy and authenticity have been proved.