Abstract
We present the formalization and verification of a recent cryptographic protocol for certified email. Relying on a tool for automatic protocol analysis, we establish the key security properties of the protocol. This case study explores the use of general correspondence assertions in automatic proofs, and aims to demonstrate the considerable power of the tool and its applicability to non-trivial, interesting protocols.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. In 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’02), pages 33–44, Portland, OR, Jan. 2002. ACM Press.
M. Abadi, N. Glew, B. Horne, and B. Pinkas. Certified email with a light on-line trusted third party: Design and implementation. In 11th International World Wide Web Conference (WWW’02), Honolulu, Hawaii, USA, May 2002. ACM Press.
G. Bella, F. Massacci, and L. C. Paulson. The verification of an industrial payment protocol: The SET purchase phase. In V. Atluri, editor, 9th ACM Conference on Computer and Communications Security (CCS’02), pages 12–20, Washington, DC, Nov. 2002. ACM Press.
G. Bella and L. C. Paulson. Using Isabelle to prove properties of the Kerberos authentication system. In DIMACS Workshop on Design and Formal Verification of Security Protocols, Piscataway, NJ, Sept. 1997.
G. Bella and L. C. Paulson. Kerberos version IV: inductive analysis of the secrecy goals. In J.-J. Quisquater et al., editors, Computer Security-ESORICS 98, volume 1485 of Lecture Notes in Computer Science, pages 361–375, Louvain-la-Neuve, Belgium, Sept. 1998. Springer Verlag.
B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82–96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.
B. Blanchet. From secrecy to authenticity in security protocols. In M. Hermenegildo and G. Puebla, editors, 9th International Static Analysis Symposium (SAS’02), volume 2477 of Lecture Notes in Computer Science, pages 342–359, Madrid, Spain, Sept. 2002. Springer Verlag.
A. Gordon and A. Jeffrey. Authenticity by typing for security protocols. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 145–159, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.
A. Gordon and A. Jeffrey. Types and effects for asymmetric cryptographic protocols. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), pages 77–91, Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.
H. Krawczyk. SKEME: A versatile secure key exchange mechanism for internet. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security (NDSS’96), San Diego, CA, Feb. 1996. Available at http://bilbo.isu.edu/sndss/sndss96.html.
S. Kremer and J.-F. Raskin. Game analysis of abuse-free contract signing. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), pages 206–222, Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.
C. Meadows. Analysis of the Internet Key Exchange protocol using the NRL protocol analyzer. In IEEE Symposium on Security and Privacy, pages 216–231, Oakland, CA, May 1999. IEEE Computer Society.
J. C. Mitchell, V. Shmatikov, and U. Stern. Finite-state analysis of SSL 3.0. In 7th USENIX Security Symposium, pages 201–216, San Antonio, TX, Jan. 1998.
L. C. Paulson. Inductive analysis of the Internet protocol TLS. ACM Transactions on Information and System Security, 2(3):332–351, Aug. 1999.
S. Schneider. Formal analysis of a non-repudiation protocol. In 11th IEEE Computer Security Foundations Workshop (CSFW-11), pages 54–65, Rockport, Massachusetts, June 1998. IEEE Computer Society.
V. Shmatikov and J. C. Mitchell. Finite-state analysis of two contract signing protocols. Theoretical Computer Science, 283(2):419–450, June 2002.
T. Y. C. Woo and S. S. Lam. A semantic model for authentication protocols. In 1993 IEEE Symposium on Research on Security and Privacy, pages 178–194, Oakland, CA, 1993. IEEE Computer Society.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abadi, M., Blanchet, B. (2003). Computer-Assisted Verification of a Protocol for Certified Email. In: Cousot, R. (eds) Static Analysis. SAS 2003. Lecture Notes in Computer Science, vol 2694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44898-5_17
Download citation
DOI: https://doi.org/10.1007/3-540-44898-5_17
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40325-8
Online ISBN: 978-3-540-44898-3
eBook Packages: Springer Book Archive