2015
DOI: 10.1007/978-3-319-27152-1_13

Formal Support for Standardizing Protocols with State

Abstract: Many cryptographic protocols are designed to achieve their goals using only messages passed over an open network. Numerous tools, based on well-understood foundations, exist for the design and analysis of protocols that rely purely on message passing. However, these tools encounter difficulties when faced with protocols that rely on non-local, mutable state to coordinate several local sessions. We adapt one of these tools, cpsa, to provide automated support for reasoning about state. We use Ryan's En…

Cited by 3 publications (3 citation statements)
References 28 publications
“…The TPM envelope protocol that we use here as an example motivated the work on StatVerif [4], however the first analysis of the protocol was done with a custom encoding in Horn clauses [17]. Joshua and his colleagues also took the TPM envelope protocol as inspiration to extend the CPSA tool based on strand spaces to handle stateful protocols [22]. Another tool that supports stateful protocols is the Tamarin prover [28], which uses multiset rewrite rules to describe security protocols and we employ here as our target language.…”
Section: Related Work (mentioning)
confidence: 99%
“…It should be read as a position paper that elaborates the idea of choreographies applied to security protocols and their endpoint projections by the means of an example, namely the envelope protocol, first proposed by Ables and Ryan [2] and analyzed by Delaune et al [17]. Joshua Guttman and colleagues [22] proposed an extension to the CPSA tool [18] to protocols with state, contributing to the first verification of the envelope protocol with unbounded reboots, while also introducing a modular approach that faithfully represents the interface offered by the trusted third party used in the protocol.…”
Section: Introduction (mentioning)
confidence: 99%
“…For each s ∈ Str, tr(s) is a finite sequence of transmission and reception events. Other types of events have also been used, for instance to model interaction with long term state [17,19], but only transmission and reception events will be needed here. We often do not distinguish carefully between a strand s and its trace tr(s).…”
Section: Strands (mentioning)
confidence: 99%