DocumentCode :
1958889
Title :
Pitfalls in Formal Reasoning about Security Protocols
Author :
Moebius, Nina ; Stenzel, Kurt ; Reif, Wolfgang
Author_Institution :
Inst. for Software & Syst. Eng., Univ. of Augsburg, Augsburg, Germany
fYear :
2010
fDate :
15-18 Feb. 2010
Firstpage :
248
Lastpage :
253
Abstract :
Formal verification can give more confidence in the security of cryptographic protocols. Application-specific security properties like "The service provider does not lose money" can give even more confidence than standard properties like secrecy or authentication. However, it is surprisingly easy to get a meaningful property slightly wrong. The result is that an insecure protocol can be 'proven' secure. We illustrate the problem with a very small application, a copy card, that has only five different messages. The example is taken from a paper where the protocol is secure, but the proved property is slightly wrong. We propose to solve the problem by incorporating more of the real-world application into the formal model.
Keywords :
cryptographic protocols; formal verification; authentication; copy card application; cryptographic protocols; formal reasoning; formal verification; insecure protocol; secrecy; security protocols; Authentication; Availability; Cryptographic protocols; Electronic mail; Formal verification; Reliability engineering; Security; Smart cards; Software systems; Systems engineering and theory; formal verification; security protocols;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
Type :
conf
DOI :
10.1109/ARES.2010.36
Filename :
5438088