Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

@article{Blanchet2016ModelingAV,
  title={Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif},
  author={Bruno Blanchet},
  journal={Found. Trends Priv. Secur.},
  year={2016},
  volume={1},
  pages={1-135}
}
  • B. Blanchet
  • Published 31 October 2016
  • Computer Science, Mathematics
  • Found. Trends Priv. Secur.
ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this… 

Figures from this paper

Combining ProVerif and Automated Theorem Provers for Security Protocol Verification
TLDR
This work describes an integration of a state-of-the-art protocol verifier ProVerif, with automated first order theorem provers (ATP), which allows one to model directly algebraic properties of cryptographic operators as a first-order equational theory and the specified protocol can be exported to a first order logic specification in the standard TPTP format for ATP.
Relating Process Languages for Security and Communication Correctness (Extended Abstract)
TLDR
This work connects two representative calculi, and establishes the correctness of the encoding, and shows how it enables the integrated analysis of security properties and communication correctness by re-using existing tools.
Verifpal: Cryptographic Protocol Analysis for the Real World
TLDR
Through Verifpal, it is shown that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.
Protocol Insecurity with Assertions
TLDR
This paper considers the insecurity problem for protocols with a class of assertions that includes equality on terms and existential quantification, and shows that this problem is in NP.
Equivalence Properties by Typing in Cryptographic Branching Protocols
TLDR
Recently, many tools have been proposed for automatically analysing, in symbolic models, equivalence of security protocols by proving a stronger notion of equivalence (diff-equivalence) that does not properly handle protocols with else branches.
Verifpal: Cryptographic Protocol Analysis for Students and Engineers
TLDR
Through Verifpal, it is shown that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.
Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach
TLDR
This work uses ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures, and demonstrates that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.
Project Team
  • P. Herrle, A. Wozniak
  • Computer Science
    ‘Our Lincolnshire’: Exploring public engagement with heritage
  • 2019
TLDR
Many of the algorithms used in ProVerif (generation of clauses, resolution, subsumption, etc.), resulting in impressive speed-ups on large examples, are presented, for the computational verification of security protocols at IEEE S&P [14].
Formal Analysis of QUIC Handshake Protocol Using Symbolic Model Checking
TLDR
A formal model of the QUIC handshake protocol is developed and a comprehensive formal security analysis is performed by using two state-of-the-art model checking tools for cryptographic protocols, i.e., ProVeirf and Verifpal, showing that ProVerif is generally more powerful than VerifPal in terms of verifying authentication properties.
Decidable Inductive Invariants for Verification of Cryptographic Protocols with Unbounded Sessions
We develop a theory of decidable inductive invariants for an infinite-state variant of the Applied pi-calculus, with applications to automatic verification of stateful cryptographic protocols with
...
...

References

SHOWING 1-10 OF 153 REFERENCES
Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif
TLDR
This work focuses on the automatic symbolic protocol verifier ProVerif, which can prove secrecy, authentication, and observational equivalence properties of security protocols, for an unbounded number of sessions of the protocol.
Using Horn Clauses for Analyzing Security Protocols
  • B. Blanchet
  • Computer Science
    Formal Models and Techniques for Analyzing Security Protocols
  • 2011
TLDR
This chapter presents a method for verifying security protocols based on an abstract representation of protocols by Horn clauses, which is the foundation of the protocol verifier ProVerif and supports various cryptographic primitives defined by rewrite rules or equations.
Automatic Verification of Privacy Properties in the Applied pi Calculus
We develop a formal method verification technique for cryptographic protocols. We focus on proving observational equivalences of the kind P ∼ Q, where the processes P and Q have the same structure
Extracting and verifying cryptographic models from C protocol code by symbolic execution
TLDR
The results in this paper provide the first computationally sound verification of weak secrecy and authentication for (single execution paths of) C code.
A Computationally Sound Mechanized Prover for Security Protocols
  • B. Blanchet
  • Computer Science, Mathematics
    IEEE Transactions on Dependable and Secure Computing
  • 2008
TLDR
This work presents a new mechanized prover for secrecy properties of security protocols that provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions.
Automatic proof of strong secrecy for security protocols
  • B. Blanchet
  • Computer Science, Mathematics
    IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004
  • 2004
TLDR
A new automatic technique for proving strong secrecy for security protocols that relies on an automatic translation of the protocol into Horn clauses, and a resolution algorithm on the clauses.
Automated verification of selected equivalences for security protocols
Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs
We embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow us to reason
Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol
TLDR
This work successfully used ProVerif to obtain the first mechanized analysis of (a simplified variant of) the Direct Anonymous Attestation (DAA) protocol, and proposes a revised variant of DAA that is successfully prove secure using Pro Verif.
Computational Soundness Results for ProVerif - Bridging the Gap from Trace Properties to Uniformity
TLDR
Dolev-Yao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif, but these models either only consider a limited class of protocols or are not amenable to fully automated verification.
...
...