By Véronique Cortier, LORIA, CNRS, France, cortier@loria.fr | Steve Kremer, INRIA, Nancy, France, Steve.Kremer@inria.fr
Security protocols are distributed programs that aim at securing communications by the means of cryptography. They are for instance used to secure electronic payments, home banking and more recently electronic elections. Given the financial and societal impact in case of failure, and the long history of design flaws in such protocol, formal verification is a necessity. A major difference from other safety critical systems is that the properties of security protocols must hold in the presence of an arbitrary adversary. The aim of this paper is to provide a tutorial to some modern approaches for formally modeling protocols, their goals and automatically verifying them.
Security protocols are distributed programs that are aimed at securing communications by the means of cryptography. They are for instance used to secure electronic payments, home banking, and more recently electronic elections. Given the financial and societal impact in case of failure and the long history of design flaws in such protocols, formal verification is a necessity. A major difference from other safety critical systems is that the properties of security protocols must hold in the presence of an arbitrary adversary.
Formal Models and Techniques for Analyzing Security Protocols: A Tutorial provides the reader with a tutorial on some modern techniques to model and automatically analyze security protocols. Given the large body of work in this area, it does not aim to be exhaustive so the focus is on some selected methods and results. The tutorial can be used as a basis for a master or graduate course on the topic, or as a primer for researchers from different areas to get an overview of the kinds of techniques that are available.