Vérification automatique de protocoles d'examen, de monnaie, de réputation, et de routage. (Automated Verification of Exam, Cash, aa Reputation, and Routing Protocols)

Security is a crucial requirement in the applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications several security protocols have been developed. However, the design of complex security protocols is notoriously difficult and error-prone. Several flaws have been found on protocols that are claimed secure. Hence, security protocols must be verified before they are used. One approach to verify security protocols is the use of formal methods. The use of formal methods has enabled the discovery of several flaws on security protocols, as well as, the proof of some other protocols’ correctness. However, errors can be introduced when the protocols are implemented. Another approach which can be used to verify implementations individual executions is runtime verification. Runtime verification mainly can help in the cases where verifying implementations formally is complex and difficult. In this thesis we contribute to security protocol verification with an emphasis on formal verification and automation. Firstly, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied πCalculus. We also provide an abstract definitions of verifiability properties. We analyze all these properties automatically using ProVerif on multiple case studies, and identify several flaws. Moreover, we propose several monitors to check exam requirements at runtime. These monitors are validated by analyzing a real exam implementation using MarQ tool. Secondly, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define client privacy and forgery related properties. Again, we illustrate our model by analyzing three case studies using ProVerif, and we re-discover known attacks. Thirdly, we propose formal definitions for authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result to verify route validity of ad-hoc routing protocols in presence of multiple independent attackers.