Niveau: Supérieur, Doctorat, Bac+8
Mechanizing Game-Based Proofs of Security Protocols Bruno BLANCHET 1 INRIA, École Normale Supérieure, CNRS, Paris, France Abstract. After a short introduction to the field of security protocol verification, we present the automatic protocol verifier CryptoVerif. In contrast to most previ- ous protocol verifiers, CryptoVerif does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games, like those manually done by cryptographers; these games are formalized in a probabilis- tic process calculus. CryptoVerif provides a generic method for specifying security properties of the cryptographic primitives. It can prove secrecy and correspondence properties (including authentication). It produces proofs valid for any number of sessions, in the presence of an active adversary. It also provides an explicit formula for the probability of success of an attack against the protocol, as a function of the probability of breaking each primitive and of the number of sessions. Keywords. Security protocols; computational model; automatic proof; sequences of games; process calculi. Introduction A security protocol is a program that guarantees security properties, such as the secrecy of some piece of data, by relying on cryptographic primitives, such as encryption or sig- natures. Security protocols make it possible to securely exchange data on insecure net- works such as Internet. The design of security protocols is well-known to be error-prone.
- protocol
- key encryption
- security protocols
- input process
- security properties
- dolev-yao model
- computational model
- can provide