Section: New Software and Platforms
ProVerif
Keywords: Security - Verification - Cryptographic protocol
Functional Description: ProVerif is an automatic security protocol verifier in the symbolic model (so called Dolev-Yao model). In this model, cryptographic primitives are considered as black boxes. This protocol verifier is based on an abstract representation of the protocol by Horn clauses. Its main features are:
It can verify various security properties (secrecy, authentication, process equivalences).
It can handle many different cryptographic primitives, specified as rewrite rules or as equations.
It can handle an unbounded number of sessions of the protocol (even in parallel) and an unbounded message space.
News Of The Year: Marc Sylvestre extended his interactive simulator of protocols modeled in ProVerif to simulate the semantics of biprocesses, used to prove observational equivalence between two processes. He also made minor improvements to this simulator and to the graphical display of attacks.
Bruno Blanchet modified ProVerif and CryptoVerif to improve the compatibility between these two tools. It is now possible for simple examples to use the same input file with both tools, for instance to try to find attacks in the symbolic model using ProVerif, and if no attack is found, then prove the protocol in the computational model using CryptoVerif. For more complex examples, the differences between the files to provide for each tool are considerably reduced. The cryptographic primitives are specified in distinct libraries, one for ProVerif and one for CryptoVerif, because the assumptions on primitives are very different in the symbolic and computational models. These features are released in ProVerif 2.00.
Vincent Cheval and Bruno Blanchet implemented several extensions of ProVerif: 1) support for integer counters, with incrementation and inequality tests, 2) lemmas and axioms to give intermediate results to ProVerif, which it exploits to help proving subsequent queries, by deriving additional information in the Horn clauses that it uses to perform the proofs, 3) proofs by induction on the length of the trace, by giving as lemma the property to prove, but obviously for strictly shorter traces. These features are not released yet.
-
Participants: Bruno Blanchet, Marc Sylvestre and Vincent Cheval
-
Publications: Automated reasoning for equivalences in the applied pi calculus with barriers - Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers - Automated reasoning for equivalences in the applied pi calculus with barriers - Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif - Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif - Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate - Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate - Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach - Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols - Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols