Cryptology ePrint Archive: Report 2006/435

Searching for Shapes in Cryptographic Protocols (extended version)

Shaddin F. Doghmi and Joshua D. Guttman and F. Javier Thayer

Abstract: We describe a method for enumerating all essentially different executions possible for a cryptographic protocol. We call them the shapes of the protocol. Naturally occurring protocols have only finitely many, indeed very few shapes. Authentication and secrecy properties are easy to determine from them, as are attacks and anomalies. CPSA, our Cryptographic Protocol Shape Analyzer, implements the method.

In searching for shapes, CPSA starts with some initial behavior, and discovers what shapes are compatible with it. Normally, the initial behavior is the point of view of one participant. The analysis reveals what the other principals must have done, given this participant's view.

The search is complete, i.e. every shape can in fact be found in a finite number of steps. The steps in question are applications of two authentication tests, fundamental patterns for protocol analysis and heuristics for protocol design. We have formulated the authentication tests in a new, stronger form, and proved completeness for a search algorithm based on them.

Category / Keywords: cryptographic protocols / authentication protocols, Dolev-Yao model, strand spaces, mechanized protocol analysis

Publication Info: Short version in TACAS 2007, LNCS 4424

Date: received 20 Nov 2006, last revised 2 Feb 2007

Contact author: guttman at mitre org

Available format(s): PDF | BibTeX Citation

Note: Improved exposition and corrected various errors.

Version: 20070202:133207 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]