Abstract
The formal verification of security protocols is one of the successful applications of automated reasoning1. Techniques based on belief logics, model checking, and theorem proving have been successful in determining strengths and weaknesses of many protocols, some of which have been even fielded before being discovered badly wrong.
This tutorial presents the problems to the “security illiterate”, explaining aims, objectives and tools of this application of automated reasoning.
Indeed, the proposal to use tableaux for security verification dates back to 1983 [11].
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
R. Anderson and R. Needham. Programming Satan’s computer. In Computer Science Today, LNCS 1000, pp. 426–440. Springer-Verlag, 1996.
G. Bella and L. Paulson. Kerberos version IV: inductive analysis of the secrecy goals. In Proc. of ESORICS-98, LNCS 1485. Springer-Verlag, 1998.
D. Bolignano. An approach to the formal verification of cryptographic protocols. In Proc. of the 3th ACM Conf. on Comm. and Comp. Security, pp. 106–118, 1996.
S. Brackin. A HOL extension of GNY for automatically cryptographic protocols. In Proc. of the 9th IEEE Comp. Sec. Found. Workshop. IEEE Press, 1996.
M. Burrows, M. Abadi, and R. Needham. A logic for authentication. ACM TOCS, 8(1):18–36, 1990.
R. Focardi and R. Gorrieri. The compositional security checker: A tool for the verification of information flow security properties. IEEE TOSE, 23(9):550–571, 1997.
D. Gollmann. What do we mean by entity authentication. In Proc. of the 15th IEEE Symp. on Sec. and Privacy, pp. 46–54. IEEE Press, 1996.
International Organization for Standardization. ISO/IEC Draft Int. Std. 10181-2.2 IT-Open System Interconnection-Security Framework for Open Systems: Authentication Framework, 1993. Section 8.1.5.
G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR. In Proc. of TACAS, LNCS 1055, pp. 147–166. Springer-Verlag, 1996.
W. Mao and C. Boyd. Towards formal analysis of security protocols. In Proc. of the 6th IEEE Comp. Sec. Foundations Workshop, pp. 147–158. IEEE Press, 1993.
B. Marick. The VERUS design verification system. In Proc. of the 2nd IEEE Symp. on Sec. and Privacy, pp. 150–157. IEEE Press, 1983.
C. Meadows. Formal verification of cryptographic protocols: A survey. In Proc. of ASIACRYPT-94, LNCS 917, pp. 133–150. Springer-Verlag, 1995.
R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. CACM, 21(12):993–999, 1978.
L. Paulson. The inductive approach to verifying cryptographic protocols. J. of Computer Security, 1998.
P. Syverson, and P. van Oorschot. On Unifying Some Cryptographic Protocols Logics. In Proc. of the 13th IEEE Symp. on Sec. and Privacy. IEEE Press, 1994.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Massacci, F. (1999). Automated Reasoning and the Verification of Security Protocols. In: Murray, N.V. (eds) Automated Reasoning with Analytic Tableaux and Related Methods. TABLEAUX 1999. Lecture Notes in Computer Science(), vol 1617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48754-9_6
Download citation
DOI: https://doi.org/10.1007/3-540-48754-9_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66086-6
Online ISBN: 978-3-540-48754-8
eBook Packages: Springer Book Archive