Proving properties of security protocols by induction

Lawrence Charles Paulson
Published in: Proceedings 10th Computer Security Foundations Workshop, 1997-06-10. DOI: 10.1109/CSFW.1997.596788 (https://doi.org/10.1109/CSFW.1997.596788)
Citations: 305

Abstract

Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction to finite state systems and the approach is not based on belief logics. Protocols are inductively defined as sets of traces, which may involve many interleaved protocol runs. Protocol descriptions model accidental key losses as well as attacks. The model spy can send spoof messages made up of components decrypted from previous traffic. Several key distribution protocols have been studied, including Needham-Schroeder, Yahalom and Otway-Rees. The method applies to both symmetric key and public key protocols. A new attack has been discovered in a variant of Otway-Rees (already broken by W. Mao and C. Boyd (1993)). Assertions concerning secrecy and authenticity have been proved.