Communicating sequential processes
Communicating sequential processes
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Communicating sequential processes
Communications of the ACM
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Lazy Infinite-State Analysis of Security Protocols
Proceedings of the International Exhibition and Congress on Secure Networking - CQRE (Secure) '99
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Analyzing security protocols with secrecy types and logic programs
Journal of the ACM (JACM)
A Computationally Sound Mechanized Prover for Security Protocols
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Cryptographically Sound Theorem Proving
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Cryptographically-Sound Protocol-Model Abstractions
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
A framework for game-based security proofs
ICICS'07 Proceedings of the 9th international conference on Information and communications security
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Provably repairing the ISO/IEC 9798 standard for entity authentication
POST'12 Proceedings of the First international conference on Principles of Security and Trust
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
A formal methodology for integral security design and verification of network protocols
Journal of Systems and Software
Provably repairing the ISO/IEC 9798 standard for entity authentication
Journal of Computer Security - Security and Trust Principles
Efficient construction of machine-checked symbolic protocol security proofs
Journal of Computer Security
Hi-index | 0.00 |
Governments and international standards bodies have established certification procedures for security-critical technologies, such as cryptographic algorithms. Such standards have not yet been established for cryptographic protocols and hence it is difficult for users of these protocols to know whether they are trustworthy. This is a serious problem as many protocols proposed in the past have failed to achieve their stated security properties. In this paper, we propose a framework for certifying cryptographic protocols. Our framework specifies procedures for both protocol designers and evaluators for certifying protocols with respect to three different assurance levels. This framework is being standardized as ISO/IEC 29128 in ISO/IEC JTC1 SC27/WG3, in which three of the authors are project co-editors. As a case study in the application of our proposal, we also present the plan for the open evaluation of entity-authentication protocols within the CRYPTREC project.