The inductive approach to verifying cryptographic protocols
Journal of Computer Security
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Verifying authentication protocols with CSP
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Generic Insecurity of Cliques-Type Authenticated Group Key Agreement Protocols
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A decision procedure for the existence of a rank function
Journal of Computer Security
Injective synchronisation: an extension of the authentication hierarchy
Theoretical Computer Science - Automated reasoning for security protocol analysis
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Specifying authentication using signal events in CSP
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Verifying security protocols: an application of CSP
CSP'04 Proceedings of the 2004 international conference on Communicating Sequential Processes: the First 25 Years
Hi-index | 0.00 |
In this paper we present a fully formal correctness proof of a multi-party version of the Needham-Schroeder-Lowe public key authentication protocol. As the protocol allows for an arbitrary number of participants, the model consisting of all possible protocol executions exceeds any bounds imposed by model checking methods. By modelling the protocol in the CSP-framework and using the Rank Theorem we obtain an abstraction level that allows to give a correctness proof in PVS for the protocol with respect to authentication, for the protocol running in parallel in multiple instantiations, possibly with different numbers of agents for each instance. This specific result shows how, more generally, the formalisation in CSP and application of the theorem prover PVS make full formal verification of multi-party security protocols possible.