Previous | 
Home
Section: New Results
Verification of Security Protocols in the Symbolic Model
The symbolic model of protocols, or Dolev-Yao model is an abstract model in which messages are represented by terms. Our protocol verifier ProVerif relies on this model. This year, we have mainly worked on the verification of protocols with lists and on an extension of ProVerif to prove more observational equivalences.
Verification of Protocols with Lists
Participants : Bruno Blanchet [correspondant] , Miriam Paiola.
security protocols, symbolic model, automatic verification, Horn clauses, secrecy
We have designed a novel, simple technique for proving secrecy properties for security protocols that manipulate lists of unbounded length, for an unbounded number of sessions [32] . More specifically, our technique relies on the Horn clause approach used in the automatic verifier ProVerif : we show that if a protocol is proven secure by our technique with lists of length one, then it is secure for lists of unbounded length. Interestingly, this theorem relies on approximations made by our verification technique: in general, secrecy for lists of length one does not imply secrecy for lists of unbounded length. Our result can be used in particular to prove secrecy properties for group protocols with an unbounded number of participants and for some XML protocols (web services) with ProVerif .
Proving More Process Equivalences with ProVerif
Participants : Bruno Blanchet [correspondant] , Vincent Cheval.
security protocols, symbolic model, automatic verification, observational equivalence, privacy
We have extended the automatic protocol verifier ProVerif in order to prove more observational equivalences [28] . ProVerif can prove observational equivalence between processes that have the same structure but differ by the messages they contain. In order to extend the class of equivalences that ProVerif handles, we extend the language of terms by defining more functions (destructors) by rewrite rules. In particular, we allow rewrite rules with inequalities as side-conditions, so that we can express tests "if then else" inside terms. Finally, we provide an automatic procedure that translates a process into an equivalent process that performs as many actions as possible inside terms, to allow ProVerif to prove the desired equivalence. These extensions have been implemented in ProVerif and allow us to automatically prove anonymity in the private authentication protocol by Abadi and Fournet.