Tools for cryptographic protocols analysis: A technical and experimental comparison

Authors:
Manuel Cheminod;Ivan Cibrario Bertolotti;Luca Durante;Riccardo Sisto;Adriano Valenzano
Affiliations:
IEIIT-CNR, c.so Duca degli Abruzzi 24, I-10129 Torino, Italy;IEIIT-CNR, c.so Duca degli Abruzzi 24, I-10129 Torino, Italy;IEIIT-CNR, c.so Duca degli Abruzzi 24, I-10129 Torino, Italy;Politecnico di Torino, c.so Duca degli Abruzzi 24, I-10129 Torino, Italy;IEIIT-CNR, c.so Duca degli Abruzzi 24, I-10129 Torino, Italy
Venue:
Computer Standards & Interfaces
Year:
2009

Citing 16
Cited 0

The Interrogator: Protocol Secuity Analysis

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Verifying Authentication Protocols in CSP

IEEE Transactions on Software Engineering
A calculus for cryptographic protocols

Information and Computation
The inductive approach to verifying cryptographic protocols

Journal of Computer Security
Verifying security protocols with Brutus

ACM Transactions on Software Engineering and Methodology (TOSEM)
A compiler for analyzing cryptographic protocols using noninterference

ACM Transactions on Software Engineering and Methodology (TOSEM)
Experimenting with STA, a tool for automatic analysis of security protocols

Proceedings of the 2002 ACM symposium on Applied computing
Proof Techniques for Cryptographic Processes

SIAM Journal on Computing
A Framework for the Analysis of Security Protocols

CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Modelling and verifying key-exchange protocols using CSP and FDR

CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Casper: A Compiler for the Analysis of Security Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Automatic testing equivalence verification of spi calculus specifications

ACM Transactions on Software Engineering and Methodology (TOSEM)
CDiff: a new reduction technique for constraint-based analysis of security protocols

Proceedings of the 10th ACM conference on Computer and communications security
Improving the security of industrial networks by means of formal verification

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

The tools for cryptographic protocols analysis based on state exploration are designed to be completely automatic and should carry out their job with a reasonable amount of computing and storage resources, even when run by users having a limited amount of expertise in the field. This paper compares four tools of this kind to highlight their features and ability to detect bugs under the same experimental conditions. To this purpose, the ability of each tool to detect known flaws in a uniform set of well-known cryptographic protocols has been checked. Results are also given on the relative performance of the tools when analysing several known-good protocols with an increasing number of parallel sessions.