Title :
Proving security protocols correct
Author :
Paulson, Lawrence C.
Author_Institution :
Comput. Lab., Cambridge Univ., UK
Abstract :
Security protocols use cryptography to set up private communication channels on an insecure network. Many protocols contain flaws, and because security goals are seldom specified in detail, we cannot be certain what constitutes a flaw. Thanks to recent work by a number of researchers, security protocols can now be analyzed formally. The paper outlines the problem area, emphasizing the notion of freshness. It describes how a protocol can be specified using operational semantics and properties proved by rule induction, with machine support from the proof tool Isabelle. The main example compares two versions of the Yahalom protocol. Unless the model of the environment is sufficiently detailed, it cannot distinguish the correct protocol from a flawed version. The paper attempts to draw some general lessons on the use of formalisms. Compared with model checking, the inductive method performs a finer analysis, but the cost of using it is greater
Keywords :
cryptography; protocols; telecommunication channels; theorem proving; Yahalom protocol; cryptography; machine support; model checking; operational semantics; private communication channels; proof tool Isabelle; rule induction; security protocols; Communication channels; Computer networks; Costs; Cryptographic protocols; Cryptography; Independent component analysis; Laboratories; Performance analysis; Security; Web server;
Conference_Titel :
Logic in Computer Science, 1999. Proceedings. 14th Symposium on
Conference_Location :
Trento
Print_ISBN :
0-7695-0158-3
DOI :
10.1109/LICS.1999.782632
