Automated Reasoning for Security Protocol Analysis
2006, Journal of Automated Reasoning
Experience over the past 20 years has shown that, even assuming perfect cryptography, the design of security protocols (or cryptographic protocols, as they are sometimes called) is highly error-prone and that conventional validation techniques based on informal arguments or testing are not up to the task. It is now widely recognized that only formal analysis can provide the level of assurance required by both the developers and the users of the protocols. Work in this direction initially started in the security community, but recently there has been tremendous progress thanks to contributions from different automated reasoning communities, such as automated deduction, model checking, and artificial intelligence. Moreover, there has been another wave of progress in foundations for analyzing protocols and their properties by applying nonclassical logics, such as epistemic and belief logics. A large number of formal methods and tools have thus been developed that have been quite successful in analyzing many protocols, that is, in proving the correctness of the protocols or in identifying attacks on them. Thus, this progress can be seen as one of the recent success stories of the automated reasoning community.
In July 2004, the first workshop on Automated Reasoning for Security Protocol Analysis (ARSPA '04) took place as a satellite event of the 2nd International Joint Conference on Automated Reasoning (IJCAR '04). This special issue is based on 21 submissions, following an open call for papers motivated by the success of the workshop. After refereeing, we selected five papers for publication. These papers offer a good overview of the current research on automated reasoning techniques and tools for the formal specification, analysis, and verification of security protocols.
The paper "Verifying the SET Purchase Protocols", by Bella, Massacci, and Paulson, details the first verification results for the complete purchase protocols of SET (Secure Electronic Transaction, a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions). Using Isabelle and the inductive method, they show that the protocols' primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the cardholder meant to send his credit card details to the very payment gateway that receives them. Although the protocols' complexity and size make