Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

@article{Blanchet2016ModelingAV,
  title={Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif},
  author={Bruno Blanchet},
  journal={Found. Trends Priv. Secur.},
  year={2016},
  volume={1},
  pages={1-135}
}
  • B. Blanchet
  • Published 31 October 2016
  • Computer Science, Mathematics
  • Found. Trends Priv. Secur.
ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this… 

Figures from this paper

Combining ProVerif and Automated Theorem Provers for Security Protocol Verification

TLDR
This work describes an integration of a state-of-the-art protocol verifier ProVerif, with automated first order theorem provers (ATP), which allows one to model directly algebraic properties of cryptographic operators as a first-order equational theory and the specified protocol can be exported to a first order logic specification in the standard TPTP format for ATP.

The Security Protocol Verifier ProVerif and its Horn Clause Resolution Algorithm

TLDR
An overview of ProVerif is presented and some specificities of its resolution algorithm, related to the particular application domain and the particular clauses that proVerif generates are discussed.

Relating Process Languages for Security and Communication Correctness (Extended Abstract)

TLDR
This work connects two representative calculi, and establishes the correctness of the encoding, and shows how it enables the integrated analysis of security properties and communication correctness by re-using existing tools.

Verifpal: Cryptographic Protocol Analysis for the Real World

TLDR
Through Verifpal, it is shown that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.

Protocol Insecurity with Assertions

TLDR
This paper considers the insecurity problem for protocols with a class of assertions that includes equality on terms and existential quantification, and shows that this problem is in NP.

Equivalence Properties by Typing in Cryptographic Branching Protocols

TLDR
Recently, many tools have been proposed for automatically analysing, in symbolic models, equivalence of security protocols by proving a stronger notion of equivalence (diff-equivalence) that does not properly handle protocols with else branches.

Verifpal: Cryptographic Protocol Analysis for Students and Engineers

TLDR
Through Verifpal, it is shown that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.

Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach

TLDR
This work uses ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures, and demonstrates that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.

Project Team

  • P. HerrleA. Wozniak
  • Computer Science
    ‘Our Lincolnshire’: Exploring public engagement with heritage
  • 2019
TLDR
Many of the algorithms used in ProVerif (generation of clauses, resolution, subsumption, etc.), resulting in impressive speed-ups on large examples, are presented, for the computational verification of security protocols at IEEE S&P [14].

Cracking the Stateful Nut Computational Proofs of Stateful Security Protocols using the S QUIRREL Proof Assistant

TLDR
S QUIRREL’s proof system is extended to be able to express the complex proof arguments that are sometimes required for protocols with mutable states, including a proof of the YubiKey and YubiHSM protocols.
...

References

SHOWING 1-10 OF 149 REFERENCES

Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif

TLDR
This work focuses on the automatic symbolic protocol verifier ProVerif, which can prove secrecy, authentication, and observational equivalence properties of security protocols, for an unbounded number of sessions of the protocol.

Using Horn Clauses for Analyzing Security Protocols

  • B. Blanchet
  • Computer Science
    Formal Models and Techniques for Analyzing Security Protocols
  • 2011
TLDR
This chapter presents a method for verifying security protocols based on an abstract representation of protocols by Horn clauses, which is the foundation of the protocol verifier ProVerif and supports various cryptographic primitives defined by rewrite rules or equations.

Automatic Verification of Privacy Properties in the Applied pi Calculus

We develop a formal method verification technique for cryptographic protocols. We focus on proving observational equivalences of the kind P ∼ Q, where the processes P and Q have the same structure

A Computationally Sound Mechanized Prover for Security Protocols

  • B. Blanchet
  • Computer Science, Mathematics
    IEEE Transactions on Dependable and Secure Computing
  • 2008
TLDR
This work presents a new mechanized prover for secrecy properties of security protocols that provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions.

Automatic proof of strong secrecy for security protocols

  • B. Blanchet
  • Computer Science, Mathematics
    IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004
  • 2004
TLDR
A new automatic technique for proving strong secrecy for security protocols that relies on an automatic translation of the protocol into Horn clauses, and a resolution algorithm on the clauses.

Automated verification of selected equivalences for security protocols

Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

We embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow us to reason

Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol

TLDR
This work successfully used ProVerif to obtain the first mechanized analysis of (a simplified variant of) the Direct Anonymous Attestation (DAA) protocol, and proposes a revised variant of DAA that is successfully prove secure using Pro Verif.

Computational Soundness Results for ProVerif - Bridging the Gap from Trace Properties to Uniformity

TLDR
Dolev-Yao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif, but these models either only consider a limited class of protocols or are not amenable to fully automated verification.

ASPIER: An Automated Framework for Verifying Security Protocol Implementations

TLDR
The ASPIER tool is implemented and used to verify authentication and secrecy properties of a part of an industrial strength protocol implementation -- the handshake in OpenSSL -- for configurations consisting of up to 3 servers and 3 clients.
...