Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

Published: 31 October 2016

Abstract

ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses. This survey presents an overview of the research on ProVerif.

References

[1]
Abadi, M. 1999. "Secrecy by Typing in Security Protocols". Journal of the ACM. 46(5): 749-786.
[2]
Abadi, M. and B. Blanchet. 2005a. "Analyzing Security Protocols with Secrecy Types and Logic Programs". Journal of the ACM. 52(1): 102-146.
[3]
Abadi, M. and B. Blanchet. 2005b. "Computer-Assisted Verification of a Protocol for Certified Email". Science of Computer Programming. 58(1-2): 3-27. Special issue SAS'03.
[4]
Abadi, M., B. Blanchet, and C. Fournet. 2007. "Just Fast Keying in the Pi Calculus". ACM Transactions on Information and System Security (TISSEC). 10(3): 1-59.
[5]
Abadi, M., B. Blanchet, and C. Fournet. 2016. "The Applied Pi Calculus: Mobile Values, New Names, and Secure Communication". Report arXiv:1609.03003v1. Available at http://arxiv.org/abs/1609.03003v1.
[6]
Abadi, M. and V. Cortier. 2006. "Deciding Knowledge in Security Protocols under Equational Theories". Theoretical Computer Science. 367(1-2): 2-32.
[7]
Abadi, M. and C. Fournet. 2001. "Mobile Values, New Names, and Secure Communication". In: 28th ACM Symposium on Principles of Programming Languages (POPL'01). London, UK: ACM. 104-115.
[8]
Abadi, M. and C. Fournet. 2004. "Private authentication". Theoretical Computer Science. 322(3): 427-476.
[9]
Abadi, M., N. Glew, B. Horne, and B. Pinkas. 2002. "Certified Email with a Light On-line Trusted Third Party: Design and Implementation". In: 11th International World Wide Web Conference. Honolulu, Hawaii: ACM. 387-395.
[10]
Abadi, M. and A. D. Gordon. 1998. "A Bisimulation Method for Cryptographic Protocols". Nordic Journal of Computing. 5(4): 267-303.
[11]
Abadi, M. and A. D. Gordon. 1999. "A Calculus for Cryptographic Protocols: The Spi Calculus". Information and Computation. 148(1): 1-70. An extended version appeared as Digital Equipment Corporation Systems Research Center report No. 149, January 1998.
[12]
Abadi, M. and R. Needham. 1996. "Prudent Engineering Practice for Cryptographic Protocols". IEEE Transactions on Software Engineering. 22(1): 6-15.
[13]
Abadi, M. and P. Rogaway. 2002. "Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)". Journal of Cryptology. 15(2): 103-127.
[14]
Abdalla, M., P.-A. Fouque, and D. Pointcheval. 2005. "Password-Based Authenticated Key Exchange in the Three-Party Setting". In: 2005 International Workshop on Practice and Theory in Public Key Cryptography (PKC'05). Ed. by S. Vaudenay. Vol. 3386. Lecture Notes in Computer Science. Les Diablerets, Switzerland: Springer. 65-84.
[15]
Adrian, D., K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thomé, L. Valenta, B. VanderSloot, E. Wustrow, S. Zanella-Béguelin, and P. Zimmermann. 2015. "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice". In: 22nd ACM Conference on Computer and Communications Security.
[16]
Aiello, W., S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, K. Keromytis, and O. Reingold. 2004. "Just Fast Keying: Key Agreement in a Hostile Internet". ACM Transactions on Information and System Security. 7(2): 242-273.
[17]
Aizatulin, M., A. D. Gordon, and J. Jürjens. 2011. "Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution". In: 18th ACM Conference on Computer and Communications Security (CCS'11). Chicago, IL, USA: ACM. 331-340.
[18]
Aizatulin, M., A. D. Gordon, and J. Jürjens. 2012. "Computational Verification of C Protocol Implementations by Symbolic Execution". In: 19th ACM Conference on Computer and Communications Security (CCS'12). Raleigh, NC, USA: ACM. 712-723.
[19]
Allamigeon, X. and B. Blanchet. 2005. "Reconstruction of Attacks against Cryptographic Protocols". In: 18th IEEE Computer Security Foundations Workshop (CSFW-18). Aix-en-Provence, France: IEEE. 140-154.
[20]
Almeida, J. B., M. Barbosa, G. Barthe, and F. Dupressoir. 2013. "Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations". In: ACM Conference on Computer and Communications Security (CCS'13). Berlin, Germany: ACM. 1217-1230.
[21]
Arapinis, M. and M. Duflot. 2007. "Bounding Messages for Free in Security Protocols". In: 27th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS'07). Ed. by V. Arvind and S. Prasad. Vol. 4855. Lecture Notes in Computer Science. New Delhi, India: Springer. 376-387.
[22]
Arapinis, M., J. Liu, E. Ritter, and M. Ryan. 2014. "Stateful Applied Pi Calculus". In: Principles of Security and Trust--Third International Conference. Ed. by M. Abadi and S. Kremer. Vol. 8414. Lecture Notes in Computer Science. Springer. 22-41.
[23]
Arapinis, M., E. Ritter, and M. D. Ryan. 2011. "StatVerif: Verification of stateful processes". In: 24th Computer Security Foundations Symposium (CSF'11). IEEE. Cernay-la-Ville, France. 33-47.
[24]
Armando, A., D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuellar, P. H. Drielsma, P.-C. Héam, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganó, and L. Vigneron. 2005. "The AVISPA tool for Automated Validation of Internet Security Protocols and Applications". In: Computer Aided Verification, 17th International Conference, CAV 2005. Ed. by K. Etessami and S. K. Rajamani. Vol. 3576. Lecture Notes in Computer Science. Edinburgh, Scotland: Springer. 281-285.
[25]
Armando, A., R. Carbone, and L. Compagna. 2014. "SATMC: a SAT-based Model Checker for Security-critical Systems". In: Tools and Algorithms for the Construction and Analysis of Systems, 20th International Conference, TACAS 2014. Ed. by E. Ábrahám and K. Havelund. Vol. 8413. Lecture Notes in Computer Science. Grenoble, France: Springer. 31-45.
[26]
Avalle, M., A. Pironti, R. Sisto, and D. Pozza. 2011. "The JavaSPI Framework for Security Protocol Implementation". In: International Conference on Availability, Reliability and Security (ARES'11). IEEE. 746-751.
[27]
Bachmair, L. and H. Ganzinger. 2001. "Resolution Theorem Proving". In: Handbook of Automated Reasoning. Ed. by A. Robinson and A. Voronkov. Vol. 1. North Holland. Chap. 2. 19-100.
[28]
Backes, M., F. Bendun, M. Maffei, E. Mohammadi, and K. Pecina. 2015. "Symbolic Malleable Zero-Knowledge Proofs". In: 28th IEEE Computer Security Foundations Symposium (CSF'15). Verona, Italy: IEEE. 412-480.
[29]
Backes, M., C. Hritcu, and M. Maffei. 2008a. "Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-calculus". In: 21st IEEE Computer Security Foundations Symposium (CSF'08). Pittsburgh, PA: IEEE Computer Society. 195-209.
[30]
Backes, M., M. Maffei, and D. Unruh. 2008b. "Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol". In: 29th IEEE Symposium on Security and Privacy. Technical report version available at http://eprint.iacr.org/2007/289. IEEE. Oakland, CA. 202-215.
[31]
Backes, M., E. Mohammadi, and T. Ruffing. 2014. "Computational Soundness Results for ProVerif: Bridging the Gap from Trace Properties to Uniformity". In: Principles of Security and Trust (POST'14). Ed. by M. Abadi and S. Kremer. Vol. 8414. Lecture Notes in Computer Science. Grenoble, France: Springer. 42-62.
[32]
Bansal, C., K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. 2013. "Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage". In: Principles of Security and Trust (POST 2013). Ed. by D. Basin and J. Mitchell. Vol. 7796. Lecture Notes in Computer Science. Rome, Italy: Springer. 126-146.
[33]
Bansal, C., K. Bhargavan, and S. Maffeis. 2012. "Discovering Concrete Attacks on Website Authorization by Formal Analysis". In: 25th IEEE Computer Security Foundations Symposium (CSF'12). IEEE. Cambridge, MA, USA. 247-262.
[34]
Barthe, G., F. Dupressoir, P.-A. Fouque, B. Grégoire, M. Tibouchi, and J.-C. Zapalowicz. 2014a. "Making RSA-PSS Provably Secure against Non-random Faults". In: Cryptographic Hardware and Embedded Systems (CHES'14). Ed. by L. Batina and M. Robshaw. Vol. 8731. Lecture Notes in Computer Science. Busan, South Korea: Springer. 206-222.
[35]
Barthe, G., F. Dupressoir, B. Grégoire, C. Kunz, B. Schmidt, and P.-Y. Strub. 2014b. "EasyCrypt: A Tutorial". In: Foundations of Security Analysis and Design VII. Ed. by A. Aldini, J. Lopez, and F. Martinelli. Vol. 8604. Lecture Notes in Computer Science. Springer. 146-166.
[36]
Barthe, G., B. Grégoire, S. Heraud, and S. Z. Béguelin. 2011. "Computer-Aided Security Proofs for the Working Cryptographer". In: Advances in Cryptology - CRYPTO 2011. Ed. by P. Rogaway. Vol. 6841. Lecture Notes in Computer Science. Santa Barbara, CA, USA: Springer. 71-90.
[37]
Barthe, G., B. Grégoire, and S. Zanella. 2009. "Formal Certification of Code-Based Cryptographic Proofs". In: 36th ACM SIGPLAN - SIGACT Symposium on Principles of Programming Languages (POPL'09). Savannah, Georgia: ACM. 90-101.
[38]
Basin, D., J. Dreier, and R. Casse. 2015. "Automated Symbolic Proofs of Observational Equivalence". In: 22nd ACM Conference on Computer and Communications Security (CCS'15). Denver, CO: ACM. 1144-1155.
[39]
Basin, D., S. Mödersheim, and L. Viganò. 2005. "OFMC: A symbolic model checker for security protocols". International Journal of Information Security. 4(3): 181-208.
[40]
Baudet, M. 2007. "Sécurité des protocoles cryptographiques: aspects logiques et calculatoires". PhD thesis. Ecole Normale Supérieure de Cachan.
[41]
Béguelin, S. Z., B. Grégoire, G. Barthe, and F. Olmedo. 2009. "Formally Certifying the Security of Digital Signature Schemes". In: 30th IEEE Symposium on Security and Privacy, S&P 2009. Oakland, CA: IEEE. 237-250.
[42]
Bellovin, S. M. and M. Merritt. 1992. "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks". In: 1992 IEEE Computer Society Symposium on Research in Security and Privacy. 72-84.
[43]
Bellovin, S. M. and M. Merritt. 1993. "Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise". In: First ACM Conference on Computer and Communications Security. 244-250.
[44]
Bengtson, J., K. Bhargavan, C. Fournet, A. Gordon, and S. Maffeis. 2011. "Refinement Types for Secure Implementations". ACM Transactions on Programming Languages and Systems. 33(2).
[45]
Beurdouche, B., K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and J. K. Zinzindohoue. 2015. "A Messy State of the Union: Taming the Composite State Machines of TLS". In: IEEE Symposium on Security & Privacy 2015 (Oakland'15). IEEE.
[46]
Bhargavan, K., R. Corin, and C. Fournet. 2007. "Crypto-Verifying Protocol Implementations in ML". http://doc.utwente.nl/64107/1/fs2cv.pdf.
[47]
Bhargavan, K., R. Corin, C. Fournet, and E. Zalinescu. 2008. "Cryptographically Verified Implementations for TLS". In: 15th ACM Conference on Computer and Communications Security (CCS'08). ACM. 459-468.
[48]
Bhargavan, K., C. Fournet, and A. Gordon. 2004. "Verifying Policy-Based Security for Web Services". In: ACM Conference on Computer and Communications Security (CCS'04). Washington DC: ACM. 268-277.
[49]
Bhargavan, K., C. Fournet, and A. Gordon. 2010. "Modular Verification of Security Protocol Code by Typing". In: ACM Symposium on Principles of Programming Languages (POPL'10). Madrid, Spain: ACM. 445-456.
[50]
Bhargavan, K., C. Fournet, A. Gordon, and S. Tse. 2006. "Verified interoperable implementations of security protocols". In: 19th IEEE Computer Security Foundations Workshop (CSFW'06). Venice, Italy: IEEE Computer Society. 139-152.
[51]
Bhargavan, K., C. Fournet, M. Kohlweiss, A. Pironti, and P.-Y. Strub. 2013. "Implementing TLS with Verified Cryptographic Security". In: IEEE Symposium on Security & Privacy. 445-462.
[52]
Blanchet, B. 2004. "Automatic Proof of Strong Secrecy for Security Protocols". In: IEEE Symposium on Security and Privacy. Oakland, California. 86-100.
[53]
Blanchet, B. 2008a. "A Computationally Sound Mechanized Prover for Security Protocols". IEEE Transactions on Dependable and Secure Computing. 5(4): 193-207.
[54]
Blanchet, B. 2008b. "Vérification automatique de protocoles cryptographiques: modèle formel et modèle calculatoire". Mémoire d'habilitation à diriger des recherches. Université Paris-Dauphine.
[55]
Blanchet, B. 2009. "Automatic Verification of Correspondences for Security Protocols". Journal of Computer Security. 17(4): 363-434.
[56]
Blanchet, B. 2011. "Using Horn Clauses for Analyzing Security Protocols". In: Formal Models and Techniques for Analyzing Security Protocols. Ed. by V. Cortier and S. Kremer. Vol. 5. Cryptology and Information Security Series. IOS Press. 86-111.
[57]
Blanchet, B. 2012a. "Mechanizing Game-Based Proofs of Security Protocols". In: Software Safety and Security - Tools for Analysis and Verification. Ed. by T. Nipkow, O. Grumberg, and B. Hauptmann. Vol. 33. NATO Science for Peace and Security Series - D: Information and Communication Security. Proceedings of the 2011 MOD summer school. IOS Press. 1-25.
[58]
Blanchet, B. 2012b. "Security Protocol Verification: Symbolic and Computational Models". In: First Conference on Principles of Security and Trust (POST'12). Ed. by P. Degano and J. Guttman. Vol. 7215. Lecture Notes in Computer Science. Tallinn, Estonia: Springer. 3-29.
[59]
Blanchet, B. 2014. "Automatic Verification of Security Protocols in the Symbolic Model: the Verifier ProVerif". In: Foundations of Security Analysis and Design VII, FOSAD Tutorial Lectures. Ed. by A. Aldini, J. Lopez, and F. Martinelli. Vol. 8604. Lecture Notes in Computer Science. Springer. 54-87.
[60]
Blanchet, B., M. Abadi, and C. Fournet. 2008. "Automated Verification of Selected Equivalences for Security Protocols". Journal of Logic and Algebraic Programming. 75(1): 3-51.
[61]
Blanchet, B. and A. Chaudhuri. 2008. "Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage". In: IEEE Symposium on Security and Privacy. IEEE. Oakland, CA. 417-431.
[62]
Blanchet, B. and A. Podelski. 2005. "Verification of Cryptographic Protocols: Tagging Enforces Termination". Theoretical Computer Science. 333(1-2): 67-90. Special issue FoSSaCS'03.
[63]
Blanchet, B. and B. Smyth. 2016. "Automated reasoning for equivalences in the applied pi calculus with barriers". In: 29th IEEE Computer Security Foundations Symposium (CSF'16). Lisboa, Portugal: IEEE. 310-324.
[64]
Blanchet, B., B. Smyth, and V. Cheval. 2016. "ProVerif 1.94pl1: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial". Available at http://proverif.inria.fr/manual.pdf.
[65]
Boichut, Y., N. Kosmatov, and L. Vigneron. 2006. "Validation of Prouvé protocols using the automatic tool TA4SP". In: Third Taiwanese-French Conference on Information Technology (TFIT 2006). Nancy, France. 467-480.
[66]
Bruni, A., S. Mödersheim, F. Nielson, and H. R. Nielson. 2015. "Set-Pi: Set Membership Pi-Calculus". In: 28th IEEE Computer Security Foundations Symposium (CSF'15). Verona, Italy: IEEE. 185-198.
[67]
Cadé, D. and B. Blanchet. 2013. "From Computationally-Proved Protocol Specifications to Implementations and Application to SSH". Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA). 4(1): 4-31.
[68]
Cadé, D. and B. Blanchet. 2015. "Proved Generation of Implementations from Computationally Secure Protocol Specifications". Journal of Computer Security. 23(3): 331-402.
[69]
Canetti, R. and J. Herzog. 2006. "Universally Composable Symbolic Analysis of Mutual Authentication and Key Exchange Protocols". In: Proceedings, Theory of Cryptography Conference (TCC'06). Ed. by S. Halevi and T. Rabin. Vol. 3876. Lecture Notes in Computer Science. Extended version available at http://eprint.iacr.org/2004/334. New York, NY: Springer. 380-403.
[70]
Chadha, R., S. Ciobâca, and S. Kremer. 2012. "Automated Verification of Equivalence Properties of Cryptographic Protocols". In: 21st European Symposium on Programming (ESOP'12). Vol. 7211. Lecture Notes in Computer Science. Springer. 108-127.
[71]
Chaki, S. and A. Datta. 2009. "ASPIER: An Automated Framework for Verifying Security Protocol Implementations". In: 22nd IEEE Computer Security Foundations Symposium (CSF'09). Port Jefferson, NY, USA. 172-185.
[72]
Cheval, V. and B. Blanchet. 2013. "Proving More Observational Equivalences with ProVerif". In: 2nd Conference on Principles of Security and Trust (POST 2013). Ed. by D. Basin and J. Mitchell. Vol. 7796. Lecture Notes in Computer Science. Rome, Italy: Springer. 226-246.
[73]
Cheval, V., H. Comon-Lundh, and S. Delaune. 2011. "Trace Equivalence Decision: Negative Tests and Non-determinism". In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS'11). Chicago, Illinois, USA: ACM. 321-330.
[74]
Chevalier, Y., R. Küsters, M. Rusinowitch, and M. Turuani. 2003. "Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents". In: FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science, 23rd Conference. Ed. by P. K. Pandya and J. Radhakrishnan. Vol. 2914. Lecture Notes in Computer Science. Mumbai, India: Springer. 124-135.
[75]
Chevalier, Y., R. Küsters, M. Rusinowitch, and M. Turuani. 2005. "An NP decision procedure for protocol insecurity with XOR". Theoretical Computer Science. 338(1-3): 247-274.
[76]
Chothia, T., B. Smyth, and C. Staite. 2015. "Automatically Checking Commitment Protocols in ProVerif without False Attacks". In: Principles of Security and Trust, 4th International Conference, POST 2015. Ed. by R. Focardi and A. Myers. Vol. 9036. Lecture Notes in Computer Science. London, UK: Springer. 137-155.
[77]
Chrétien, R., V. Cortier, and S. Delaune. 2015a. "Decidability of trace equivalence for protocols with nonces". In: 28th IEEE Computer Security Foundations Symposium (CSF'15). Verona, Italy: IEEE Computer Society. 170-184.
[78]
Chrétien, R., V. Cortier, and S. Delaune. 2015b. "From security protocols to pushdown automata". ACM Transactions on Computational Logic. 17(1:3).
[79]
Ciobâca, S. 2011. "Automated Verification of Security Protocols with Applications to Electronic Voting". PhD thesis. ENS Cachan.
[80]
Cohen, E. 2002. "Proving Protocols Safe from Guessing". In: Foundations of Computer Security. Copenhagen, Denmark.
[81]
Comon-Lundh, H. and V. Cortier. 2003. "New Decidability Results for Fragments of First-Order Logic and Application to Cryptographic Protocols". In: 14th Int. Conf. Rewriting Techniques and Applications (RTA'2003). Ed. by R. Nieuwenhuis. Vol. 2706. Lecture Notes in Computer Science. Valencia, Spain: Springer. 148-164.
[82]
Comon-Lundh, H. and S. Delaune. 2005. "The finite variant property: How to get rid of some algebraic properties". In: Proceedings of the 16th International Conference on Rewriting Techniques and Applications (RTA'05). Ed. by J. Giesl. Vol. 3467. Lecture Notes in Computer Science. Nara, Japan: Springer. 294-307.
[83]
Comon-Lundh, H. and V. Shmatikov. 2003. "Intruder deductions, constraint solving and insecurity decision in presence of exclusive or". In: Symposium on Logic in Computer Science (LICS'03). Ottawa, Canada: IEEE Computer Society. 271-280.
[84]
Corin, R., J. M. Doumen, and S. Etalle. 2004. "Analysing Password Protocol Security Against Off-line Dictionary Attacks". In: 2nd Int. Workshop on Security Issues with Petri Nets and other Computational Models (WISP). Electronic Notes in Theoretical Computer Science.
[85]
Corin, R., S. Malladi, J. Alves-Foss, and S. Etalle. 2003. "Guess What? Here is a New Tool that Finds some New Guessing Attacks". In: Workshop on Issues in the Theory of Security (WITS'03). Ed. by R. Gorrieri. Warsaw, Poland.
[86]
Cortier, V., H. Hördegen, and B. Warinschi. 2006. "Explicit Randomness is not Necessary when Modeling Probabilistic Encryption". In: Workshop on Information and Computer Security (ICS 2006). Ed. by C. Dima, M. Minea, and F. Tiplea. Vol. 186. Electronic Notes in Theoretical Computer Science. Timisoara, Romania: Elsevier. 49-65.
[87]
Cortier, V., S. Kremer, and B. Warinschi. 2011. "A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems". Journal of Automated Reasoning. 46(3-4): 225-259.
[88]
Cortier, V., M. Rusinowitch, and E. Zalinescu. 2007. "Relating two standard notions of secrecy". Logical Methods in Computer Science. 3(3).
[89]
Cortier, V. and C. Wiedling. 2012. "A formal analysis of the Norwegian E-voting protocol". In: Proceedings of the 1st International Conference on Principles of Security and Trust (POST'12). Ed. by P. Degano and J. D. Guttman. Vol. 7215. Lecture Notes in Computer Science. Tallinn, Estonia: Springer. 109-128.
[90]
Cremers, C. J. 2008. "Unbounded verification, falsification, and characterization of security protocols by pattern refinement". In: 15th ACM conference on Computer and Communications Security (CCS'08). Alexandria, Virginia, USA: ACM. 119-128.
[91]
Delaune, S. and F. Jacquemard. 2004. "A Theory of Dictionary Attacks and its Complexity". In: 17th IEEE Computer Security Foundations Workshop. Pacific Grove, CA: IEEE. 2-15.
[92]
Delaune, S., S. Kremer, and M. D. Ryan. 2009. "Verifying Privacy-type Properties of Electronic Voting Protocols". Journal of Computer Security. 17(4): 435-487.
[93]
Delaune, S., S. Kremer, M. D. Ryan, and G. Steel. 2011. "Formal analysis of protocols based on TPM state registers". In: Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF'11). Cernay-la-Ville, France: IEEE Computer Society. 66-82.
[94]
Delaune, S., M. Ryan, and B. Smyth. 2008. "Automatic verification of privacy properties in the applied pi calculus". In: Second Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM'08). Ed. by Y. Karabulut, J. Mitchell, P. Herrmann, and C. D. Jensen. Vol. 263. IFIP Advances in Information and Communication Technology. Trondheim, Norway: Springer. 263-278.
[95]
Denning, D. E. and G. M. Sacco. 1981. "Timestamps in Key Distribution Protocols". Communications of the ACM. 24(8): 533-536.
[96]
Diffie, W. and M. Hellman. 1976. "New Directions in Cryptography". IEEE Transactions on Information Theory. IT-22(6): 644-654.
[97]
Dolev, D. and A. C. Yao. 1983. "On the Security of Public Key Protocols". IEEE Transactions on Information Theory. IT-29(12): 198-208.
[98]
Dreier, J., P. Lafourcade, and Y. Lakhnech. 2013. "Formal Verification of e-Auction Protocols". In: Principles of Security and Trust (POST'13). Ed. by D. Basin and J. Mitchell. Vol. 7796. Lecture Notes in Computer Science. Rome, Italy: Springer. 247-266.
[99]
Drielsma, P. H., S. Mödersheim, and L. Viganò. 2005. "A Formalization of Off-line Guessing for Security Protocol Analysis". In: Logic for Programming, Artificial Intelligence, and Reasoning: 11th International Conference, LPAR 2004. Ed. by F. Baader and A. Voronkov. Vol. 3452. Lecture Notes in Computer Science. Montevideo, Uruguay: Springer. 363-379.
[100]
Dupressoir, F., A. D. Gordon, J. Jürjens, and D. A. Naumann. 2011. "Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols". In: 24th IEEE Symposium on Computer Security Foundations (CSF'11). Paris, France: IEEE Computer Society. 3-17.
[101]
Durgin, N., P. Lincoln, J. C. Mitchell, and A. Scedrov. 2004. "Multiset Rewriting and the Complexity of Bounded Security Protocols". Journal of Computer Security. 12(2): 247-311.
[102]
Escobar, S., J. Hendrix, C. Meadows, and J. Meseguer. 2007. "Diffie-Hellman cryptographic reasoning in the Maude-NRL protocol analyzer". In: Proc. 2nd International Workshop on Security and Rewriting Techniques (SecReT 2007).
[103]
Escobar, S., D. Kapur, C. Lynch, C. Meadows, J. Meseguer, P. Narendran, and R. Sasse. 2011. "Protocol analysis in Maude-NPA using unification modulo homomorphic encryption". In: 13th international ACM SIGPLAN symposium on Principles and practices of declarative programming (PPDP'11). Odense, Denmark: ACM. 65-76.
[104]
Escobar, S., C. Meadows, and J. Meseguer. 2006. "A rewriting-based inference system for the NRL Protocol Analyzer and its metalogical properties". Theoretical Computer Science. 367(1-2): 162-202.
[105]
Fournet, C. and M. Kohlweiss. 2011. "Modular Cryptographic Verification by Typing". In: 7th Workshop on Formal and Computational Cryptography (FCC'11). Paris, France.
[106]
Godskesen, J. C. 2006. "Formal Verification of the ARAN Protocol Using the Applied Pi-calculus". In: Sixth International IFIP WG 1.7 Workshop on Issues in the Theory of Security (WITS'06). Vienna, Austria. 99-113.
[107]
Gordon, A. and A. Jeffrey. 2004. "Types and Effects for Asymmetric Cryptographic Protocols". Journal of Computer Security. 12(3/4): 435-484.
[108]
Goubault-Larrecq, J. 2005. "Deciding H1 by resolution". Information Processing Letters. 95(3): 401-408.
[109]
Goubault-Larrecq, J. and F. Parrennes. 2005. "Cryptographic Protocol Analysis on Real C Code". In: 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05). Ed. by R. Cousot. Vol. 3385. Lecture Notes in Computer Science. Paris, France: Springer. 363-379.
[110]
Heather, J., G. Lowe, and S. Schneider. 2000. "How to Prevent Type Flaw Attacks on Security Protocols". In: 13th IEEE Computer Security Foundations Workshop (CSFW-13). Cambridge, England. 255-268.
[111]
Hüttel, H. 2003. "Deciding Framed Bisimilarity". Electronic Notes in Theoretical Computer Science. 68(6): 1-20. Special issue Infinity'02: 4th International Workshop on Verification of Infinite-State Systems.
[112]
Kallahalla, M., E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. 2003. "Plutus: Scalable secure file sharing on untrusted storage". In: 2nd Conference on File and Storage Technologies (FAST'03). San Francisco, CA: Usenix. 29-42.
[113]
Khurana, H. and H.-S. Hahm. 2006. "Certified Mailing Lists". In: ACM Symposium on Communication, Information, Computer and Communication Security (ASIACCS'06). Taipei, Taiwan: ACM. 46-58.
[114]
Kowalski, R. 1974. "Predicate Logic as Programming Language". In: Proceedings IFIP Congress. Stockholm: North Holland. 569-574.
[115]
Kremer, S. and R. Künnemann. 2014. "Automated Analysis of Security Protocols with Global State". In: 35th IEEE Symposium on Security and Privacy (S&P'14). San Jose, CA, USA: IEEE Computer Society.
[116]
Kremer, S. and M. D. Ryan. 2005. "Analysis of an Electronic Voting Protocol in the Applied Pi Calculus". In: Programming Languages and Systems: 14th European Symposium on Programming, ESOP 2005. Ed. by M. Sagiv. Vol. 3444. Lecture Notes in Computer Science. Edimbourg, UK: Springer. 186-200.
[117]
Küsters, R. and T. Truderung. 2008. "Reducing protocol analysis with XOR to the XOR-free case in the Horn theory based approach". In: 15th ACM conference on Computer and communications security (CCS'08). Alexandria, Virginia, USA: ACM. 129-138.
[118]
Küsters, R. and T. Truderung. 2009. "Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation". In: 22nd IEEE Computer Security Foundations Symposium (CSF'09). Port Jefferson, New York, USA: IEEE. 157-171.
[119]
Lowe, G. 1996. "Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR". In: Tools and Algorithms for the Construction and Analysis of Systems. Vol. 1055. Lecture Notes in Computer Science. Springer. 147-166.
[120]
Lowe, G. 1997. "A Hierarchy of Authentication Specifications". In: 10th Computer Security Foundations Workshop (CSFW '97). IEEE Computer Society. Rockport, Massachusetts. 31-43.
[121]
Lowe, G. 2002. "Analyzing Protocols Subject to Guessing Attacks". In: Workshop on Issues in the Theory of Security (WITS'02). Portland, Oregon.
[122]
Lux, K. D., M. J. May, N. L. Bhattad, and C. A. Gunter. 2005. "WSEmail: Secure Internet Messaging Based on Web Services". In: International Conference on Web Services (ICWS'05). Orlando, Florida: IEEE Computer Society. 75-82.
[123]
Meadows, C. A. 1996. "The NRL Protocol Analyzer: An Overview". Journal of Logic Programming. 26(2): 113-131.
[124]
Meadows, C. and P. Narendran. 2002. "A Unification Algorithm for the Group Diffie-Hellman Protocol". In: Workshop on Issues in the Theory of Security (WITS'02). Portland, Oregon.
[125]
Meier, S., C. Cremers, and D. Basin. 2010. "Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs". In: 23rd IEEE Computer Security Foundations Symposium (CSF'10). Edinburgh, UK: IEEE. 231-245.
[126]
Milicia, G. 2002. "¿-Spaces: Programming Security Protocols". In: 14th Nordic Workshop on Programming Theory (NWPT'02). Tallinn, Estonia.
[127]
Millen, J. 1999. "A Necessarily Parallel Attack". In: Workshop on Formal Methods and Security Protocols (FMSP'99). Trento, Italy.
[128]
Milner, R., J. Parrow, and D. Walker. 1992. "A Calculus of Mobile Processes, parts I and II". Information and Computation. 100(Sept.): 1-40 and 41-77.
[129]
Mödersheim, S. 2010. "Abstraction by Set-Membership: Verifying Security Protocols and Web Services with Databases". In: 17th ACM Conference on Computer and Communications Security (CCS 2010). ACM. Chicago, IL, USA. 351-360.
[130]
Mödersheim, S. and L. Viganò. 2009. "The Open-source Fixed-point Model Checker for Symbolic Analysis of Security Protocols". In: Foundations of Security Analysis and Design V, FOSAD 2007 / 2008 / 2009 Tutorial Lectures. Ed. by A. Aldini, G. Barthe, and R. Gorrieri. Vol. 5705. Lecture Notes in Computer Science. Springer. 166-194.
[131]
Monniaux, D. 2003. "Abstracting Cryptographic Protocols with Tree Automata". Science of Computer Programming. 47(2-3): 177-202.
[132]
Mukhamedov, A., A. D. Gordon, and M. Ryan. 2013. "Towards a Verified Reference Implementation of a Trusted Platform Module". In: Security Protocols XVII. Ed. by B. Christianson, J. A. Malcolm, V. Matyá¿, and M. Roe. Vol. 7028. Lecture Notes in Computer Science. Springer. 69-81.
[133]
Needham, R. M. and M. D. Schroeder. 1978. "Using Encryption for Authentication in Large Networks of Computers". Communications of the ACM. 21(12): 993-999.
[134]
O'Shea, N. 2008. "Using Elyjah to Analyse Java Implementations of Cryptographic Protocols". In: Joint Workshop on Foundations of Computer Security, Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (FCS-ARSPA-WITS'08). Pittsburgh, PA, USA.
[135]
Pankova, A. and P. Laud. 2012. "Symbolic Analysis of Cryptographic Protocols Containing Bilinear Pairings". In: 25th IEEE Computer Security Foundations Symposium (CSF'12). Cambridge, MA: IEEE. 63-77.
[136]
Paulson, L. C. 1998. "The Inductive Approach to Verifying Cryptographic Protocols". Journal of Computer Security. 6(1-2): 85-128.
[137]
Pironti, A. and R. Sisto. 2010. "Provably Correct Java Implementations of Spi Calculus Security Protocols Specifications". Computers and Security. 29(3): 302-314.
[138]
Pottier, F. 2002. "A Simple View of Type-Secure Information Flow in the ¿-Calculus". In: 15th IEEE Computer Security Foundations Workshop. Cape Breton, Nova Scotia. 320-330.
[139]
Pottier, F. and V. Simonet. 2002. "Information Flow Inference for ML". In: 29th ACM Symposium on Principles of Programming Languages (POPL'02). Portland, Oregon. 319-330.
[140]
Pozza, D., R. Sisto, and L. Durante. 2004. "Spi2Java: Automatic cryptographic protocol Java code generation from spi calculus". In: 18th International Conference on Advanced Information Networking and Applications (AINA'04). Vol. 1. Fukuoka, Japan: IEEE Computer Society. 400-405.
[141]
Ramanujam, R. and S. Suresh. 2003. "Tagging Makes Secrecy Decidable with Unbounded Nonces as Well". In: FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science. Ed. by P. Pandya and J. Radhakrishnan. Vol. 2914. Lecture Notes in Computer Science. Mumbai, India: Springer. 363-374.
[142]
Rusinowitch, M. and M. Turuani. 2003. "Protocol Insecurity with Finite Number of Sessions is NP-complete". Theoretical Computer Science. 299(1-3): 451-475.
[143]
Santiago, S., S. Escobar, C. Meadows, and J. Meseguer. 2014. "A Formal Definition of Protocol Indistinguishability and Its Verification Using Maude-NPA". In: Security and Trust Management (STM'14). Ed. by S. Mauw and C. D. Jensen. Vol. 8743. Lecture Notes in Computer Science. Wroclaw, Poland: Springer. 162-177.
[144]
Schmidt, B., S. Meier, C. Cremers, and D. Basin. 2012. "Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties". In: 25th IEEE Computer Security Foundations Symposium (CSF'12). Cambridge, MA, USA: IEEE Computer Society. 78-94.
[145]
Schmidt, B., R. Sasse, C. Cremers, and D. Basin. 2014. "Automated Verification of Group Key Agreement Protocols". In: 2014 IEEE Symposium on Security and Privacy. San Jose, CA: IEEE. 179-194.
[146]
Smyth, B., M. D. Ryan, and L. Chen. 2015. "Formal analysis of privacy in Direct Anonymous Attestation schemes". Science of Computer Programming. 111(2): 300-317.
[147]
Song, D., A. Perrig, and D. Phan. 2001. "AGVI--Automatic Generation, Verification, and Implementation of Security Protocols". In: Computer Aided Verification (CAV'01). Ed. by G. Berry, H. Comon, and A. Finkel. Vol. 2102. Lecture Notes in Computer Science. Paris, France: Springer. 241-245.
[148]
Swamy, N., J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, and J. Yang. 2011. "Secure Distributed Programming with Value-dependent Types". In: 16th International Conference on Functional Programming (ICFP 2011). Tokyo, Japan: ACM. 266-278.
[149]
Tiu, A. and J. Dawson. 2010. "Automating Open Bisimulation Checking for the Spi Calculus". In: 23rd IEEE Computer Security Foundations Symposium (CSF'10). Edinburgh, UK: IEEE. 307-321.
[150]
Turuani, M. 2006. "The CL-Atse Protocol Analyser". In: Term Rewriting and Applications, 17th International Conference, RTA 2006. Ed. by F. Pfenning. Vol. 4098. Lecture Notes in Computer Science. Seattle, WA: Springer. 277-286.
[151]
Weidenbach, C. 1999. "Towards an Automatic Analysis of Security Protocols in First-Order Logic". In: 16th International Conference on Automated Deduction (CADE-16). Ed. by H. Ganzinger. Vol. 1632. Lecture Notes in Artificial Intelligence. Trento, Italy: Springer. 314-328.
[152]
Woo, T. Y. C. and S. S. Lam. 1993. "A Semantic Model for Authentication Protocols". In: IEEE Symposium on Research in Security and Privacy. Oakland, California. 178-194.

        Published In

        Foundations and Trends in Privacy and Security, Volume 1, Issue 1-2
        31 October 2016
        138 pages

        Publisher

        Now Publishers Inc.

        Hanover, MA, United States

        Publication History

        Published: 31 October 2016
