Scyther: Semantics and verification of security protocols
CJF Cremers - 2006 - research.tue.nl
Recent technologies have cleared the way for large scale application of electronic
communication. The open and distributed nature of these communications implies that the …
communication. The open and distributed nature of these communications implies that the …
Constructive cryptography–a new paradigm for security definitions and proofs
U Maurer - Joint Workshop on Theory of Security and Applications, 2011 - Springer
Constructive cryptography, an application of abstract cryptography proposed by Maurer and
Renner, is a new paradigm for defining the security of cryptographic schemes such as …
Renner, is a new paradigm for defining the security of cryptographic schemes such as …
Distance hijacking attacks on distance bounding protocols
After several years of theoretical research on distance bounding protocols, the first
implementations of such protocols have recently started to appear. These protocols are …
implementations of such protocols have recently started to appear. These protocols are …
Protocol composition logic (PCL)
Protocol Composition Logic (PCL) is a logic for proving security properties of network
protocols that use public and symmetric key cryptography. The logic is designed around a …
protocols that use public and symmetric key cryptography. The logic is designed around a …
Formal methods for cryptographic protocol analysis: Emerging issues and trends
C Meadows - IEEE journal on selected areas in …, 2003 - ieeexplore.ieee.org
The history of the application of formal methods to cryptographic protocol analysis spans
over 20 years and has been showing signs of new maturity and consolidation. Not only have …
over 20 years and has been showing signs of new maturity and consolidation. Not only have …
Authentication tests and the structure of bundles
JD Guttman, FJ Thayer - Theoretical computer science, 2002 - Elsevier
Suppose a principal in a cryptographic protocol creates and transmits a message containing
a new value v, later receiving v back in a different cryptographic context. It can be concluded …
a new value v, later receiving v back in a different cryptographic context. It can be concluded …
Model checking security protocols
The formal analysis of security protocols is a prime example of a domain where model
checking has been successfully applied. Although security protocols are typically small …
checking has been successfully applied. Although security protocols are typically small …
A derivation system and compositional logic for security protocols
Many authentication and key exchange protocols are built using an accepted set of standard
concepts such as Diffie–Hellman key exchange, nonces to avoid replay, certificates from an …
concepts such as Diffie–Hellman key exchange, nonces to avoid replay, certificates from an …
Provably repairing the ISO/IEC 9798 standard for entity authentication
We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798
standard and find numerous weaknesses, both old and new, including some that violate …
standard and find numerous weaknesses, both old and new, including some that violate …