A recent development in formal security protocol analysis is the Protocol Composition Logic (PCL). We identify a number of problems with this logic as well as with extensions of the logic, as defined in [9, 13, 14, 17, 20, 21]. The identified problems imply strong restrictions on the scope of PCL, and imply that some claimed PCL proofs cannot be proven within the logic, or make use of unsound axioms. This includes the proofs of the CR protocol from [13, 14] and the SSL/TLS and IEEE 802.11i protocols from [20,21]. Where possible, we propose solutions for these problems. Categories and Subject Descriptors C.2.2 [Computer-communication Networks]: Network Protocols--Protocol verification; F.3 [Logics and meanings of programs]: Specifying and Verifying and Reasoning about Programs General Terms Security, Theory Keywords Security protocol analysis, logic, composition
Cas J. F. Cremers