Secret-key agreement without public-key
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Kerberos Version 4: Inductive Analysis of the Secrecy Goals
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Implementation of a Provably Secure, Smartcard-Based Key Distribution Protocol
CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
Low Cost Attacks on Tamper Resistant Devices
Proceedings of the 5th International Workshop on Security Protocols
Modelling Agents' Knowledge Inductively
Proceedings of the 7th International Workshop on Security Protocols
Mechanising BAN Kerberos by the Inductive Method
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Session key distribution using smart cards
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Mechanical Proofs about a Non-repudiation Protocol
TPHOLs '01 Proceedings of the 14th International Conference on Theorem Proving in Higher Order Logics
Inductive verification of smart card protocols
Journal of Computer Security
Verifying smart card applications: an ASM approach
IFM'07 Proceedings of the 6th international conference on Integrated formal methods
Formal verification of application-specific security properties in a model-driven approach
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Hi-index | 0.00 |
Paulson's Inductive Approach for verifying traditional cryptographic protocols is tailored to those where agents make use of smart cards. An intruder can actively exploit other agents' cards, which can be stolen or cloned. The approach is demonstrated on the Shoup-Rubin protocol, which is modelled and verified thoroughly. The protocol achieves strong goals of confidentiality, authentication and key distribution. However, our proofs highlight that a few messages require additional explicitness in order to guarantee those goals to the peers when the cards' data buses are unreliable.