Sciweavers

IEEEARES
2010
IEEE

Pitfalls in Formal Reasoning about Security Protocols

13 years 10 months ago
Pitfalls in Formal Reasoning about Security Protocols
Formal verification can give more confidence in the security of cryptographic protocols. Application specific security properties like “The service provider does not loose money” can give even more confidence than standard properties like secrecy or authentication. However, it is surprisingly easy to get a meaningful property slightly wrong. The result is that an insecure protocol can be ‘proven’ secure. We illustrate the problem with a very small application, a copy card, that has only five different messages. The example is taken from a paper where the protocol is secure, but the proved property slightly wrong. We propose to solve the problem by incorporating more of the real-world application into the formal model.
Nina Moebius, Kurt Stenzel, Wolfgang Reif
Added 17 May 2010
Updated 17 May 2010
Type Conference
Year 2010
Where IEEEARES
Authors Nina Moebius, Kurt Stenzel, Wolfgang Reif
Comments (0)