Formal Methods for Information Security

Spring Semester 2015 (263-4600-00L)

Overview

Lecturers and Tutors:
Dr. Sasa Radomirovic, Dr. Ralf Sasse, Dr. Christoph Sprenger

Lectures:
Thursday 9-11am, CAB G 57

Exercises:
Thursday 11-12am, CAB G 57

Credits: 4 ECTS (2V + 1U)

Project:
20% of the grade

Homework:
optional, but strongly recommended

Exams:
Oral exam (session examination), date TBD.

Language: English

Announcements

  • The first lecture takes place on 25 Feb 2016. Exercise session on first day will consist of brief introduction to Tamarin-prover and how to install.

Description

The course treats formal methods for the modelling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification.

In addition to the classical security properties for confidentiality and authentication, we will study strong secrecy, privacy, and fairness properties. We will discuss electronic voting protocols, RFID protocols (a staple of the Internet of Things), and contract signing protocols where these properties are central. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols.

Resources

Literature

The lecture is based mainly on various journal/conference papers, but see also (all available at the library):

  • Benedikt Schmidt, "external pageFormal analysis of key exchange protocols and physical protocols", 2012
  • Cremers and Mauw, "Operational semantics and verification of security protocols", 2013
  • Boyd, "Protocols for authentication and key establishment", 2003
  • Bella, "Formal correctness of security protocols", 2007
  • Ryan and Schneider, "The modeling and analysis of security protocols", 2001
  • Vanstone, van Oorschot and Menezes, "Handbook of applied cryptography", 1997

Course Material

The lecture notes, exercises, slides, and other resources are available in our protected pagesecured area (log in at the top of the page first!).

Please login first at the top right corner of the page.

JavaScript has been disabled in your browser