Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

By Bruno Blanchet, INRIA Paris, France, bruno.blanchet@inria.fr

 
Suggested Citation
Bruno Blanchet (2016), "Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif", Foundations and Trends® in Privacy and Security: Vol. 1: No. 1-2, pp 1-135. http://dx.doi.org/10.1561/3300000004

Publication Date: 31 Oct 2016
© 2016 B. Blanchet
 
In this article:
1. Introduction
2. The Protocol Specification Language
3. Verifying Security Properties
4. Link with the Applied Pi Calculus
5. Applications
6. Conclusion
Acknowledgments
References

Abstract

ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses. This survey presents an overview of the research on ProVerif.

DOI:10.1561/3300000004
ISBN: 978-1-68083-206-8 (paperback), 150 pp., $95.00
ISBN: 978-1-68083-207-5 (e-book, PDF), 150 pp., $260.00

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

The verification of security protocols has been an active research area since the 1990s. This topic is interesting for several reasons. Security protocols are ubiquitous: they are used for e-commerce, wireless networks, credit cards, e-voting, among others. The design of security protocols is notoriously error-prone. These errors can also have serious consequences. Hence, the formal verification or proof of protocols is particularly desirable.

This survey focuses on the verification of specifications of protocols in the symbolic model. Even though it is fairly abstract, this level of verification is relevant in practice as it enables the discovery of many attacks. ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses. This survey presents an overview of the research on ProVerif and is the most comprehensive text available on the topic.

 
SEC-004