Strand spaces: proving security protocols correct
Journal of Computer Security
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Proving Properties of Security Protocols by Induction
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Honest Ideals on Strand Spaces
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
TAPS: A First-Order Verifier for Cryptographic Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Relating Strands and Multiset Rewriting for Security Protocol Analysis
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Security Protocol Design via Authentication Tests
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated analysis of cryptographic protocols using Mur/spl phi/
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
The correctness of an authentication protocol is based on, among others, the relation between nonces and data that is established in the course of execution of the protocol. In this paper, we formulate an inference system that derives the secrecy of nonces and the relation that binds nonces and data. It is easy to show the correctness of a protocol by directly deriving the binding relation using the inference rules. Depending on situations, it is also possible to extend the inference system by simply adding new inference rules. We give some example protocols whose correctness can only be shown using some conditions on nonces that are formulated as additional inference rules.