ABSTRACT
A recent development in formal security protocol analysis is the Protocol Composition Logic (PCL). We identify a number of problems with this logic as well as with extensions of the logic, as defined in [9, 13, 14, 17, 20, 21]. The identified problems imply strong restrictions on the scope of PCL, and imply that some currently claimed PCL proofs cannot be proven within the logic, or make use of unsound axioms. Where possible, we propose solutions for these problems.
- A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, L. Cuellar, P. Drielsma, P. Heám, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, and L. Vigneron. The AVISPA tool for the automated validation of internet security protocols and applications. volume 3576 of Lecture Notes in Computer Science, pages 281--285. Springer-Verlag, 2005. Google ScholarDigital Library
- D. Basin, S. Mödersheim, and L. Viganò. An on-the-fly model-checker for security protocol analysis. In ESORICS, volume 2808 of Lecture Notes in Computer Science, pages 253--270. Springer-Verlag, 2003.Google Scholar
- M. Bellare and P. Rogaway. Entity authentication and key distribution. In CRYPTO '93: Proceedings of the 13th annual international cryptology conference on Advances in cryptology, pages 232--249, New York, NY, USA, 1994. Springer-Verlag. Google ScholarDigital Library
- B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In Proc. 14th IEEE Computer Security Foundations Workshop (CSFW), pages 82--96. IEEE Computer Society, 2001. Google ScholarDigital Library
- E. Bresson, Y. Lakhnech, L. Mazaré, and B. Warinschi. A generalization of DDH with applications to protocol analysis and computational soundness. In A. J. Menezes, editor, Proc. of Crypto '07, volume 4622 of Lecture Notes in Computer Science, pages 482--499. Springer-Verlag, August 2007. Google ScholarDigital Library
- M. Burrows, M. Abadi, and R. Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, 1990. Google ScholarDigital Library
- C. Cremers. Scyther - Semantics and Verification of Security Protocols. PhD thesis, Computer Science Department, Eindhoven University of Technology, November 2006.Google Scholar
- C. Cremers, S. Mauw, and E. de Vink. Injective synchronisation: an extension of the authentication hierarchy. Theoretical Computer Science, 2006. Google ScholarDigital Library
- A. Datta. Security Analysis of Network Protocols: Compositional Reasoning and Complexity-theoretic Foundations. PhD thesis, Computer Science Department, Stanford University, September 2005. Google ScholarDigital Library
- A. Datta, A. Derek, J. Mitchell, and D. Pavlovic. A derivation system for security protocols and its logical formalization. In Proc. 16th IEEE Computer Security Foundations Workshop (CSFW), pages 109--125. IEEE Computer Society, 2003.Google ScholarCross Ref
- A. Datta, A. Derek, J. Mitchell, and D. Pavlovic. Abstraction and refinement in protocol derivation. In Proc. 17th IEEE Computer Security Foundations Workshop (CSFW), pages 30--45, Washington, DC, USA, June 2004. IEEE Computer Society. Google ScholarDigital Library
- A. Datta, A. Derek, J. Mitchell, and D. Pavlovic. Secure protocol composition. Electron. Notes Theor. Comput. Sci., 83, 2004. Proceedings of 19th Annual Conference on Mathematical Foundations of Programming Semantics.Google Scholar
- A. Datta, A. Derek, J. Mitchell, and D. Pavlovic. A derivation system and compositional logic for security protocols. Journal of Computer Security, 13(3):423--482, 2005. Google ScholarCross Ref
- A. Datta, A. Derek, J. Mitchell, and A. Roy. Protocol Composition Logic (PCL). Electron. Notes Theor. Comput. Sci., 172:311--358, 2007. Computation, Meaning, and Logic: Articles dedicated to Gordon Plotkin. Editors: L. Cardelli, M. Fiore, and G. Winskel. Google ScholarDigital Library
- A. Datta, A. Derek, J. Mitchell, and B. Warinschi. Computationally sound compositional logic for key exchange protocols. Proc. 19th IEEE Computer Security Foundations Workshop (CSFW), 0:321--334, 2006. Google ScholarDigital Library
- A. Datta, A. Derek, J. C. Mitchell, and D. Pavlovic. Secure protocol composition (extended abstract). In FMSE '03: Proceedings of the 2003 ACM workshop on Formal methods in security engineering, pages 11--23, New York, NY, USA, 2003. ACM. Google ScholarDigital Library
- A. Derek. Formal Analysis of Security Protocols: Protocol Composition Logic. PhD thesis, Computer Science Department, Stanford University, December 2006. Google ScholarDigital Library
- N. Durgin, J. Mitchell, and D. Pavlovic. A compositional logic for protocol correctness. In Proc. 14th IEEE Computer Security Foundations Workshop (CSFW), pages 241--272, 2001. Google ScholarDigital Library
- N. Durgin, J. Mitchell, and D. Pavlovic. A compositional logic for proving security properties of protocols. Journal of Computer Security, 11:667--721, 2003. Google ScholarDigital Library
- C. He. Analysis of Security Protocols for Wireless Networks. PhD thesis, Department of Electrical Engineering, Stanford University, December 2005. Google ScholarDigital Library
- C. He, M. Sundararajan, A. Datta, A. Derek, and J. Mitchell. A modular correctness proof of IEEE 802.11i and TLS. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 2--15. ACM Press, 2005. Google ScholarDigital Library
- G. Lowe. Casper: A compiler for the analysis of security protocols. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pages 18--30. IEEE Computer Society, 1997. Google ScholarDigital Library
- G. Lowe. A hierarchy of authentication specifications. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pages 31--44. IEEE Computer Society, 1997. Google ScholarDigital Library
- A. Roy, A. Datta, A. Derek, J. C. Mitchell, and J.-P. Seifert. Secrecy analysis in protocol composition logic. In M. Okada and I. Satoh, editors, Proceedings of 11th Annual Asian Computing Science Conference, Lecture Notes in Computer Science, December 2006. Preliminary version. Google ScholarDigital Library
Recommendations
Protocol Composition Logic (PCL)
Protocol Composition Logic (PCL) is a logic for proving security properties of network protocols that use public and symmetric key cryptography. The logic is designed around a process calculus with actions for possible protocol steps including ...
Completeness and Counter-Example Generations of a Basic Protocol Logic
We give an axiomatic system in first-order predicate logic with equality for proving security protocols correct. Our axioms and inference rules derive the basic inference rules, which are explicitly or implicitly used in the literature of protocol ...
First-order logics of quasiary predicates
Composition nominative logics of quasiary predicates are studied. The spectrum of composition nominative logics is considered and various classes of first-order logics of quasiary predicates are described. Sequent calculi are constructed for the general ...
Comments