Abstract :
We describe a proof method for cryptographic protocols, based on a strong secrecy invariant that catalogues conditions under which messages can be published. For typical protocols, a suitable first-order invariant can be generated automatically from the program text, independent of the properties being verified, allowing safety properties to be proved by ordinary first-order reasoning. We have implemented the method in an automatic verifier, TAPS, that proves safety properties roughly equivalent to those in published Isabelle verifications, but does so much faster (usually within a few seconds) and with little or no guidance from the user. We have used TAPS to analyze about 60 protocols, including all but three protocols from the Clark and Jacob survey; on average, these verifications each require less than 4 seconds of CPU time and less than 4 bytes of hints from the user
Keywords :
cryptography; formal verification; inference mechanisms; protocols; theorem proving; CPU time; Isabelle; TAPS; cryptographic protocol verification; first-order reasoning; first-order verifier; proof method; safety properties; strong secrecy invariant; Authentication; Automation; Cryptographic protocols; Cryptography; Jacobian matrices; Logic; Performance analysis; Safety; State-space methods; Testing;
