Challenges in the Automated Verification of Security Protocols

Abstract: Abstract. The application area of security protocols raises several problems that are relevant to automated deduction. We describe in this note some of these challenges.

“…5 We therefore consider two-sorted theories of the form E ∪ T s ∪ (E)Rec Σ , where T s is a theory of sort s. We make the following assumptions:…”

“…This allows us to significantly extend existing results on reasoning about functions defined using certain forms of recursion, or satisfying homomorphism properties [1,8,18], and at the same time shows how powerful and widely applicable the concept of local theory (extension) is in automated reasoning. As a by-product, the methods we use provide a possibility of presenting in a different light (and in a different form) locality phenomena studied in cryptography in [4,5,6]; we believe that they will allow to better separate rewriting from proving, and thus to give simpler proofs. The main results are summarized below:…”

Locality Results for Certain Extensions of Theories with Bridging Functions

“…5 We therefore consider two-sorted theories of the form E ∪ T s ∪ (E)Rec Σ , where T s is a theory of sort s. We make the following assumptions:…”

“…This allows us to significantly extend existing results on reasoning about functions defined using certain forms of recursion, or satisfying homomorphism properties [1,8,18], and at the same time shows how powerful and widely applicable the concept of local theory (extension) is in automated reasoning. As a by-product, the methods we use provide a possibility of presenting in a different light (and in a different form) locality phenomena studied in cryptography in [4,5,6]; we believe that they will allow to better separate rewriting from proving, and thus to give simpler proofs. The main results are summarized below:…”

Locality Results for Certain Extensions of Theories with Bridging Functions

“…The analysis of cryptographic protocols remains a constraining task [20] despite all the progress made in the field due to the complexity and undecidability of the problem [21]. Witness functions, using the general theorem or the little one, are beginning to gain ground and are proven to be a powerful means of detecting security breaches or designing correct protocols.…”

On the Security of Cryptographic Protocols Using the Little Theorem of Witness Functions

“…Both approaches were quite successful in finding attacks/proving security protocols. There are however open issues, that concern the extensions of the methods to larger classes of protocols/properties [11]. For instance, most efforts and successes only concerned, until recently, trace properties, i.e., security properties that can be checked on each individual sequence of messages corresponding to an execution of the protocol.…”

Automating Security Analysis: Symbolic Equivalence of Constraint Systems