Formal Verification of Security Protocols: ProVerif and Extensions

Yao, Jiangyuan; Xu, Chunxiang; Li, Deshun; Lin, Shengjun; Cao, Xingcan

doi:10.1007/978-3-031-06788-4_42

Cited by 5 publications

(2 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To verify the security of the protocol, we can also use formal proofs, e.g., BAN logic [21], Real-Or-Random (ROR) [22], Random Oracle Model (ROM) [23], or Syverson-Van Oorschot (SVO) [24]. However, these proofs are very complex, so for verifying protocols, we mostly used the tools that automatically implement the described methods for verifying protocols (Scyther [25,26], Tamarin [27,28], ProVerif [29][30][31], AVISPA [32], or the tool mentioned in [5]).…”

Section: Related Workmentioning

confidence: 99%

Methodology of Testing the Security of Cryptographic Protocols Using the CMMTree Framework

Piątkowski,

Szymoniak

2023

Applied Sciences

View full text Add to dashboard Cite

Internet communication is one of the significant aspects of modern civilization. People use banking, health, social, or shopping platforms and send a lot of data. Each communication should be secured and protected against dishonest users’ activities during its transfer via network links. Cryptographic protocols provide such security and protection. Because of the evolution of the vulnerabilities and attackers’ methods, the cryptographic protocols should be regularly verified. This paper presents a methodology for testing the security of cryptographic protocols using the CMMTree framework. We developed and adapted a software package for analyzing cryptographic protocols regarding compatibility with the CMMTree framework using a predicate according to the approach described in Siedlecka-Lamch et al.’s works. We optimized and strengthened the mentioned approach with tree optimization methods and a lexicographic sort rule. Next, we researched the well-known security protocols using a developed tool and compared and verified the results using sorted and shuffled data. This work produced promising results. No attacks on the tested protocols were discovered.

show abstract

Section: Related Workmentioning

confidence: 99%

Methodology of Testing the Security of Cryptographic Protocols Using the CMMTree Framework

Piątkowski,

Szymoniak

2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…When verifying security protocols, we can use methods such as time automatics [28,29], BAN logic [30], GNY logic [31], real-or-random (ROR) [32], random Oracle model (ROM) [33], or Syverson-Van Oorschot (SVO) logic [34]. In addition, protocol verification is possible with such tools as Scyther [35,36], Tamarin [37,38], ProVerif [39][40][41], Avispa [42], or the tools mentioned in [22,43], or [44].…”

Section: Introductionmentioning

confidence: 99%

Key Agreement and Authentication Protocols in the Internet of Things: A Survey

Szymoniak

Kesar

2022

Applied Sciences

View full text Add to dashboard Cite

The rapid development of Internet of things (IoT) technology has made the IoT applicable in many areas of life and has contributed to the IoT’s improvement. IoT devices are equipped with various sensors that enable them to perform the tasks they were designed for. The use of such devices is associated with securing communication between devices and users. The key stages of communication are the processes of authentication and the process of agreeing on session keys because they are the basis of the subsequent communication phases. The specially designed security protocols are used to secure communication. These protocols define the course of communication and cryptographic techniques employed for securing. In this article, we have reviewed the latest communication protocols designed to secure authentication processes and agree on session keys in IoT environments. We analyzed the proposed protocols’ security level, vulnerability, and computational and communication costs. We showed our observations, describing the requirements that a secure protocol should meet.

show abstract