The Interrogator: Protocol Secuity Analysis
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Optimal privacy and authentication on a portable communications system
ACM SIGOPS Operating Systems Review
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Using encryption for authentication in large networks of computers
Communications of the ACM
Dr. Dobb's Journal
A logic for modeling the dynamics of beliefs in cryptographic protocols
ACSC '01 Proceedings of the 24th Australasian conference on Computer science
On the design of security protocols for mobile communications
ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Authentication and payment in future mobile systems
Journal of Computer Security
Analysis of a mobile communication security protocol
ISICT '03 Proceedings of the 1st international symposium on Information and communication technologies
ACM Transactions on Information and System Security (TISSEC)
Determining a parallel session attack on a key distribution protocol using a model checker
Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia
A logic-based verification framework for authentication protocols
International Journal of Internet Technology and Secured Transactions
Computers and Electrical Engineering
A new mobile payment system with formal verification
International Journal of Internet Technology and Secured Transactions
Hi-index | 0.00 |
Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques, on the other hand, provide a systematic way of discovering protocol flaws.This paper discusses the process of formal verification using modal logics. The verification process is demonstrated by way of case studies on three security protocols, which are designed for use in mobile communications. Our formal analysis discovers all known flaws in the three chosen protocols. Further, a hitherto unknown flaw is identified in these protocols. This flaw causes a protocol failure, which can be exploited in an attack where an adversary impersonates a legitimate protocol participant. A new protocol, resistant to this attack, is proposed and formally verified, giving confidence in the correctness of the protocol.The result of these case studies, where formal verification successfully discovers all these flaws, demonstrates that using formal verification techniques is an imperative step in the design of security protocols.