CadeBlanchetJoWUA13
Bruno Blanchet
Back to publications
David Cadé and Bruno Blanchet.
From Computationally-Proved Protocol Specifications to
Implementations and Application to SSH.
Journal of Wireless Mobile Networks, Ubiquitous Computing, and
Dependable Applications (JoWUA), 4(1):4-31, March 2013.
Special issue ARES'12.
Get the paper
.pdf, 293 Kb
Links
Electronic edition http://isyou.info/jowua/papers/jowua-v4n1-1.pdf
Abstract
This paper presents a novel technique for obtaining implementations
of security protocols, proved secure in the computational model.
We formally specify the protocol to prove, we prove this specification
using the computationally-sound protocol verifier CryptoVerif, and
we automatically translate it into an implementation in
OCaml using a new compiler that we have implemented.
We applied this approach to the SSH
Transport Layer protocol: we proved the authentication of the server and
the secrecy of the session keys in
this protocol and verified that the generated implementation successfully
interacts with OpenSSH. We explain these proofs, as well as an extension
of CryptoVerif needed for the proof of secrecy of the session keys.
The secrecy of messages sent over the SSH tunnel
cannot be proved due to known weaknesses in SSH with CBC-mode
encryption.
Bibtex
@ARTICLE{CadeBlanchetJoWUA13,
AUTHOR = {David Cad{\'e} and Bruno Blanchet},
TITLE = {From Computationally-Proved Protocol Specifications to Implementations and Application to {SSH}},
JOURNAL = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)},
YEAR = 2013,
VOLUME = 4,
NUMBER = 1,
PAGES = {4--31},
MONTH = MAR,
NOTE = {Special issue ARES'12}
}
E-mail/Courrier électronique : Bruno.Blanchet@trap-inria.fr (remove trap-)