Verification of protocols with loops

Indemnisation The internship is supported by the European grant ProS-ecure (ERC Starting Grant) and the ANR grant VIP (Programme JCJC). Context. Security protocols are distributed programs that aim at ensuring security properties, such as confidentiality, authentication or anonymity, by the means of cryptography. Such protocols are widely deployed, e.g., for electronic commerce on the Internet, in banking networks, mobile phones and more recently electronic elections. As properties need to be ensured, even if the protocol is executed over untrusted networks (such as the In-ternet), these protocols have shown extremely difficult to get right. Formal methods have shown very useful to detect errors and ensure their correct-ness. Many automated tools exist for analyzing protocols. However, while classical authentication protocols are a simple sequence of inputs and outputs, recent protocols tend to have more complicated program structures. One such example are protocols which include loops. For instance the TESLA protocol [PCTS00] is a broadcast stream authentication protocol which sends a stream of data in a loop without a bound on the number of iterations. Automatically analyzing such a protocol is out of the scope of most existing tools. Recently, a new tool, called tamarin [SMCB12, SMCB12], has been proposed. In contrast to most other fully automated tools it allows a user to interact with it and guide the tool in order to avoid non-termination. (Note that non-termination is unavoidable as the problem of verifying security protocols is undecidable in general.) It has been shown that the tool is indeed able to analyze protocols such as TESLA. However, a shortcoming of tamarin is that its input language, labelled multiset rewriting rules, is a very low level language. This makes the process of specifying protocols a difficult, error-prone task yielding specifications that are difficult to read. To overcome this shortcoming we recently presented a tool [KK13] which translates specifications written in a high-level specification language, a variant of the applied pi calculus, into the input language of tamarin, using tamarin as a backend.