Formal correctness of security protocols

The author investigates proofs of correctness of realistic security protocols in a formal, intuitive setting. The protocols examined include Kerberos versions, smartcard protocols, non-repudiation protocols, and certified email protocols. The method of analysis turns out to be both powerful and flexible. This research advances significant extensions to the method of analysis, while the findings on the protocols analysed are novel and illuminating.

The Analysis of Security Protocols.- The Inductive Method.- Verifying the Protocol Goals.- The Principle of Goal Availability.- Modelling Timestamping and Verifying a Classical Protocol.- Verifying a Deployed Protocol.- Modelling Agents' Knowledge of Messages.- Verifying Another Deployed Protocol.- Modelling Smartcards.- Verifying a Smartcard Protocol.- Modelling Accountability.- Verifying Two Accountability Protocols.- Conclusions.