# Protocol-independent secrecy

@article{Millen2000ProtocolindependentS, title={Protocol-independent secrecy}, author={J. Millen and H. Ruess}, journal={Proceeding 2000 IEEE Symposium on Security and Privacy. S\&P 2000}, year={2000}, pages={110-119} }

Inductive proofs of secrecy invariants for cryptographic protocols can be facilitated by separating the protocol-dependent part from the protocol-independent part. Our secrecy theorem encapsulates the use of induction so that the discharge of protocol-specific proof obligations is reduced to first-order reasoning. Also, the verification conditions are modularly associated with the protocol messages. Secrecy proofs for Otway-Rees (1987) and the corrected Needham-Schroeder protocol are given.


#### 44 Citations

Proving secrecy is easy enough

- Computer Science
- Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.
- 2001

A systematic proof procedure for establishing secrecy results for cryptographic protocols that is sound but incomplete in that it may fail to establish secrecy for some secure protocols, but it is amenable to mechanization, and it also has a convenient visual representation.

Secrecy correctness for security protocols

- Computer Science
- First International Conference on Distributed Frameworks for Multimedia Applications
- 2005

This paper examines the possible behavior of the intruder and draws conclusions about how his knowledge evolves and what actions he can take to gain as much information as possible for building winning strategies for an attack.

An Isabelle formalization of protocol-independent secrecy with an application to e-commerce

- Computer Science
- ArXiv
- 2006

A protocol-independent secrecy theorem is established and applied to several non-trivial protocols proposed for protecting the computation results of free-roaming mobile agents doing comparison shopping and provides a library of general theorems that can be applied to other protocols.

Secrecy types for asymmetric communication

- Computer Science
- Theor. Comput. Sci.
- 2003

A typed process calculus for security protocols in which types convey secrecy properties is developed, especially on public-key encryption, focusing on asymmetric communication primitives.

Secrecy Types for Asymmetric Communication

- Computer Science
- FoSSaCS
- 2001

A typed process calculus for security protocols in which types convey secrecy properties is developed, especially on public-key encryption, which presents special difficulties on asymmetric communication primitives.

Secrecy Types for Asymmetric Communication

- 2001

We develop a typed process calculus for security protocols in which types convey secrecy properties. We focus on asymmetric communication primitives, especially on public-key encryption. These…

Automating and Simplifying Agreement and Secrecy Verification using PVS

- 2014

In this thesis we present a system for assisting with theorem proving of security protocols. The desirability of theorem proving is examined and a method of automating the encoding, and some sections…

Automating and Simplifying Agreement and Secrecy Verification using PVS

- Computer Science
- 2001

The desirability of theorem proving is examined and a method of automating the encoding, and some sections of the proof, are demonstrated, and a system for assisting with theorem proving of security protocols is presented.

An approach to prove confidentiality of cryptographic protocols with non-atomic keys

- Mathematics
- World Automation Congress 2012
- 2012

We propose an approach to prove confidentiality of non-atomic key cryptographic protocols based on Dolev-Yao model in this paper. We use graph to make the analysis more intuitional. Moreover, our…

Towards a Logic for Verification of Security Protocols

- Computer Science
- 2003

The verification of cryptographic protocols has been intensively studied these last years and a first step towards formal proofs of protocols was to define formal models used to express the semantics of the protocols and sometimes their properties.

#### References


Verifying Authentication Protocols in CSP

- Computer Science
- IEEE Trans. Software Eng.
- 1998

The paper aims to develop a specific theory appropriate to the analysis of authentication protocols, built on top of the general CSP semantic framework.

The Inductive Approach to Verifying Cryptographic Protocols

- Computer Science
- J. Comput. Secur.
- 1998

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state…

Honest ideals on strand spaces

- Computer Science
- Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238)
- 1998

The authors introduce the notion of an ideal (a set of messages closed under encryption and invariant under composition with arbitrary messages) to express principles to prove bounds on a penetrator's capabilities, independent of the security protocol being analyzed.

Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

- Computer Science
- Softw. Concepts Tools
- 1996

This paper uses FDR, a refinement checker for CSP, to discover an attack upon the Needham-Schroeder Public-Key Protocol, which allows an intruder to impersonate another agent, adapts the protocol, and uses FDR to show that the new protocol is secure, at least for a small system.

A logic of authentication

- Computer Science
- TOCS
- 1990

This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.

Efficient and timely mutual authentication

- Computer Science
- OPSR
- 1987

A protocol for efficient mutual authentication (via a mutually trusted third party) that assures both principal parties of the timeliness of the interaction without the use of clocks or double encipherment is described.

Reasoning about belief in cryptographic protocols

- Computer Science
- Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy
- 1990

A mechanism is presented for reasoning about belief as a systematic way to understand the working of cryptographic protocols and places a strong emphasis on the separation between the content and the meaning of messages.

A Necessarily Parallel Attack

- Computer Science
- 1999

It is proved that a parallel attack is necessary, because the protocol is shown to be secure under non-parallel attacks, and an inductive approach is used in the PVS verification environment.

Undecidability of bounded security protocols

- Computer Science
- 1999


Breaking and fixing the Needham-Schroeder public-key protocol using FDR

- In Proceedings of TACAS
- 1996