Title :
Code security analysis of a biometric authentication system using automated theorem provers
Author_Institution :
Dept. of Informatics, TU Munich
Abstract :
Understanding the security goals provided by cryptographic protocol implementations is known to be difficult, since security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the context of cryptographic interactions. A lot of research has been devoted to developing formal techniques to analyze abstract specifications of cryptographic protocols. Less attention has been paid to the analysis of cryptoprotocol implementations, for which a formal link to specifications is often not available. In this paper, we apply an approach to determine security goals provided by a C implementation to an industrially-strength biometric authentication system. Our approach is based on control flow graphs and automated theorem provers for first-order logic
Keywords :
authorisation; biometrics (access control); cryptography; data flow graphs; formal logic; formal specification; theorem proving; abstract specification; automated theorem prover; biometric authentication system; code security analysis; control flow graph; cryptographic interaction; cryptographic protocol; cryptoprotocol implementation; data authenticity; data integrity; data secrecy; first-order logic; formal technique; security requirement; Access protocols; Application software; Authentication; Automatic control; Biometrics; Cryptographic protocols; Cryptography; Data security; Flow graphs; Logic;
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.15
