DOI: 10.1145/3319535.3339813 (research article)

Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures

Published: 6 November 2019

ABSTRACT

The standard definition of security for digital signatures, existential unforgeability, does not ensure certain properties that protocol designers might expect. For example, in many modern signature schemes, one signature may verify against multiple distinct public keys. It is left to protocol designers to ensure that the absence of these properties does not lead to attacks.

Modern automated protocol analysis tools are able to provably exclude large classes of attacks on complex real-world protocols such as TLS 1.3 and 5G. However, their abstraction of signatures (implicitly) assumes much more than existential unforgeability, thereby missing several classes of practical attacks.

We give a hierarchy of new formal models for signature schemes that captures these subtleties, and thereby allows us to analyse (often unexpected) behaviours of real-world protocols that were previously out of reach of symbolic analysis. We implement our models in the Tamarin Prover, yielding the first way to perform these analyses automatically, and validate them on several case studies. In the process, we find new attacks on DRKey and SOAP's WS-Security, both of which were previously proven secure in traditional symbolic models.
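The property the abstract singles out, one signature verifying under several distinct public keys, can be seen directly in ECDSA. The Python below is an added example written for this page; it is not code from the paper or from its Tamarin models. It implements textbook ECDSA over secp256k1 (the real curve constants, but hand-rolled, non-constant-time arithmetic for demonstration only) and then computes every public key under which a given signature verifies. Run against the message that was actually signed this is ordinary public-key recovery and yields two distinct keys, one of them the signer's; run against a message of the attacker's choosing it yields a key under which the victim's unchanged signature verifies for the attacker's message. The deterministic nonce derivation, the function names and the sample messages are this example's own constructions, and the mitigation at the end (binding the verifying key into the signed bytes) is a standard countermeasure, likewise not taken from the paper.

```python
"""Added example: toy ECDSA over secp256k1 showing that one signature verifies
under several distinct public keys. Demo code, not from the paper; not constant time."""
import hashlib

# secp256k1 parameters: y^2 = x^3 + 7 over GF(P); G generates a group of prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)


def pk_bytes(pub):
    """Uncompressed SEC1 encoding, used when binding the key into the message."""
    return b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")


def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg):
    """Plain ECDSA. The nonce k is derived from (d, msg) only so that runs are
    reproducible (example's own simplification); real code uses RFC 6979 or a CSPRNG."""
    e = msg_hash(msg)
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + msg).digest(), "big") % N or 1
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    return (r, s)


def verify(pub, msg, sig):
    """Textbook ECDSA verification: x([e/s]G + [r/s]Q) mod N == r."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(msg_hash(msg) * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def lift_x(x):
    """Both curve points with x-coordinate x (P = 3 mod 4, so the sqrt is one pow)."""
    rhs = (x**3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)
    return [(x, y), (x, P - y)] if y * y % P == rhs else []


def keys_for(sig, msg):
    """Every public key Q with verify(Q, msg, sig) == True:
    Q = r^-1 * (s*R - e*G) for each curve point R with x(R) = r.
    With the original message this is ordinary public-key recovery; with an
    attacker-chosen message it is a key substitution: the attacker obtains a key
    (whose private key he does not know) under which the victim's signature
    verifies for the attacker's message. The negligible case x(R) >= N, where
    x = r + N is a further candidate, is ignored."""
    r, s = sig
    r_inv = pow(r, -1, N)
    neg_eG = ec_neg(ec_mul(msg_hash(msg), G))
    return [ec_mul(r_inv, ec_add(ec_mul(s, R), neg_eG)) for R in lift_x(r)]


def sign_bound(d, pub, msg):
    """Mitigation: sign pk || msg, so the message cannot be chosen independently of the key."""
    return sign(d, pk_bytes(pub) + msg)


def verify_bound(pub, msg, sig):
    return verify(pub, pk_bytes(pub) + msg, sig)


if __name__ == "__main__":
    d = 0x1F2E3D4C5B6A79880123456789ABCDEF0123456789ABCDEF0123456789ABCDEF  # demo key
    pub = ec_mul(d, G)
    sig = sign(d, b"pay 10 to alice")  # constructed sample message
    print("keys verifying the original message:", len(keys_for(sig, b"pay 10 to alice")))
    evil = keys_for(sig, b"pay 10 to mallory")[0]
    print("signature verifies under substituted key:", verify(evil, b"pay 10 to mallory", sig))
```

Note the asymmetry: the attacker learns a public key but not its private key, so the substituted key cannot be used to sign anything else. The attack only matters where a protocol treats the pair (signature, public key) as evidence that the key's holder endorsed that message, which is precisely what an idealised symbolic signature model grants for free and what the paper's finer-grained models withdraw. Binding the verifying key into the signed bytes closes the gap because the attacker would have to choose the key before knowing the hash that the key determines.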



Published in: CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, November 2019, 2755 pages. ISBN 9781450367479. DOI: 10.1145/3319535.

Copyright © 2019 ACM


Publisher: Association for Computing Machinery, New York, NY, United States
