In this work we propose a methodology for incorporating the verification of the security properties of network protocols as a fundamental component of their design. This methodology can be separated into two main parts: context and requirements analysis along with its informal verification; and formal representation of protocols and the corresponding procedural verification. Although the procedural verification phase does not require any specific tool or approach, automated tools for model checking and/or theorem proving offer a good trade-off between effort and results. In general, any security protocol design methodology should be an iterative process that addresses, in each step, critical contexts of increasing complexity as a result of the considered protocol goals and the underlying threats. The effort required for detecting flaws is proportional to the complexity of the critical context under evaluation, and thus our methodology avoids wasting valuable system resources by analyzing simple flaws in the first stages of the design process. In this work we provide a methodology consistent with step-by-step goal definition and threat analysis using informal and formal procedures; our main concern is to highlight the adequacy of such a methodology for promoting trust in the communication protocols implemented accordingly. Our proposal is illustrated by its application to three communication protocols: MANA III, WEP's Shared Key Authentication and CHAT-SRP.