Abstract
We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts. Bisimulation is the basis of an effective proof technique, which yields proofs of classical security properties of protocols and also justifies certain protocol optimisations. The setting for our work is the spi calculus, an extension of the pi calculus with cryptographic primitives. We prove the soundness of the bisimulation proof technique within the spi calculus.
Chapter PDF
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Abadi. Secrecy by typing in security protocols. In Theoretical Aspects of Computer Software, volume 1281 of Lecture Notes in Computer Science, pages 611–638. Springer-Verlag, 1997.
M. Abadi and A. D. Gordon. A calculus for cryptographic protocols: The spi calculus. In Proceedings of the Fourth ACM Conference on Computer and Communications Security, pages 36–47, 1997.
M. Abadi and A. D. Gordon. A calculus for cryptographic protocols: The spi calculus. Technical Report 414, University of Cambridge Computer Laboratory, January 1997.
M. Abadi and A. D. Gordon. Reasoning about cryptographic protocols in the spi calculus. In CONCUR'97: Concurrency Theory, volume 1243 of Lecture Notes in Computer Science, pages 59–73. Springer-Verlag, 1997.
D. Bolignano. An approach to the formal verification of cryptographic protocols. In 3rd ACM Conference on Computer and Communications Security, pages 106–118, March 1996.
Data encryption standard. Fed. Inform. Processing Standards Pub. 46, National Bureau of Standards, Washington DC, January 1977.
R. Focardi and R. Gorrieri. A classification of security properties. Journal of Computer Security, 3(1), 1995.
J. Gray and J. McLean. Using temporal logic to specify and verify cryptographic protocols (progress report). In Proceedings of the 8th IEEE Computer Security Foundations Workshop, pages 108–116, 1995.
R. A. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7, 1989.
G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of Lecture Notes in Computer Science, pages 147–166. Springer-Verlag, 1996.
J. K. Millen, S. C. Clark, and S. B. Freedman. The Interrogator: Protocol security analysis. IEEE Transactions on Software Engineering, SE-13(2):274–288, February 1987.
C. Meadows. Applying formal methods to the analysis of a key management protocol. Journal of Computer Security, 1(1):5–36, 1992.
R. Milner. Communication and Concurrency. Prentice-Hall International, 1989.
J. K. Millen. The Interrogator model. In IEEE Symposium on Security and Privacy, pages 251–260, 1995.
R. Milner, J. Parrow, and D. Walker. A calculus of mobile processes, parts I and II. Information and Computation, pages 1–40 and 41–77, September 1992.
D. Park. Concurrency and automata on infinite sequences. In P. Deussen, editor, Theoretical Computer Science: 5th GI-Conference, Karlsruhe, volume 104 of Lecture Notes in Computer Science, pages 167–183. Springer-Verlag, March 1981.
L. Paulson. Proving properties of security protocols by induction. In Proceedings of the 10th IEEE Computer Security Foundations Workshop, pages 70–83, 1997.
A. M. Pitts and I. D. B. Stark. Observable properties of higher order functions that dynamically create local names, or: What's new? In Mathematical Foundations of Computer Science, Proc. 18th Int. Symp., Gdansk, 1993, volume 711 of Lecture Notes in Computer Science, pages 122–141. Springer-Verlag, 1993.
B. Pierce and D. Sangiorgi. Typing and subtyping for mobile processes. Mathematical Structures in Computer Science, 6(5):409–453, October 1996.
S. Schneider. Security properties and CSP. In IEEE Symposium on Security and Privacy, pages 174–187, 1996.
B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, Inc., second edition, 1996.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abadi, M., Gordon, A.D. (1998). A bisimulation method for cryptographic protocols. In: Hankin, C. (eds) Programming Languages and Systems. ESOP 1998. Lecture Notes in Computer Science, vol 1381. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053560
Download citation
DOI: https://doi.org/10.1007/BFb0053560
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64302-9
Online ISBN: 978-3-540-69722-0
eBook Packages: Springer Book Archive