A method for symbolic analysis of security protocols

In security protocols, message exchange between the intruder and honest participants induces a form of state explosion which makes protocol models infinite. We propose a general method for automatic analysis of security protocols based on the notion of frame, essentially a rewrite system plus a set of distinguished terms called messages. Frames are intended to model generic crypto-systems. Based on frames, we introduce a process language akin to Abadi and Fournet's applied pi. For this language, we define a symbolic operational semantics that relies on unification and provides finite and effective protocol models. Next, we give a method to carry out trace analysis directly on the symbolic model. We spell out a regularity condition on the underlying frame, which guarantees completeness of our method for the considered class of properties, including secrecy and various forms of authentication. We show how to instantiate our method to some of the most common crypto-systems, including shared- and public-key encryption, hashing and Diffie-Hellman key exchange. (c) 2005 Elsevier B.V. All rights reserved.