Pitfalls in Formal Reasoning about Security Protocols

14 years 6 months ago

Download www.informatik.uni-augsburg.de

Formal veriﬁcation can give more conﬁdence in the security of cryptographic protocols. Application speciﬁc security properties like “The service provider does not loose money” can give even more conﬁdence than standard properties like secrecy or authentication. However, it is surprisingly easy to get a meaningful property slightly wrong. The result is that an insecure protocol can be ‘proven’ secure. We illustrate the problem with a very small application, a copy card, that has only ﬁve different messages. The example is taken from a paper where the protocol is secure, but the proved property slightly wrong. We propose to solve the problem by incorporating more of the real-world application into the formal model.

Nina Moebius, Kurt Stenzel, Wolfgang Reif

Real-time Traffic

Application Speciﬁc Security | Cryptographic Protocols | Formal Veriﬁcation | IEEEARES 2010 | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	17 May 2010
Updated	17 May 2010
Type	Conference
Year	2010
Where	IEEEARES
Authors	Nina Moebius, Kurt Stenzel, Wolfgang Reif

Comments (0)

Sciweavers

Pitfalls in Formal Reasoning about Security Protocols

Application Speciﬁc Security | Cryptographic Protocols | Formal Veriﬁcation | IEEEARES 2010 | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers