| | |
Summary: Just Fast Keying in the Pi Calculus
Mart´in Abadi1
, Bruno Blanchet2
, and C´edric Fournet3
1
University of California, Santa Cruz
2
CNRS, D´epartement d'Informatique, ´Ecole Normale Sup´erieure, Paris
and Max-Planck-Institut f¨ur Informatik, Saarbr¨ucken
3
Microsoft Research
Abstract. JFK is a recent, attractive protocol for fast key establishment as part
of securing IP communication. In this paper, we analyze it formally in the ap-
plied pi calculus (partly in terms of observational equivalences, partly with the
assistance of an automatic protocol verifier). We treat JFK's core security prop-
erties, and also other properties that are rarely articulated and studied rigorously,
such as resistance to denial-of-service attacks. In the course of this analysis we
found some ambiguities and minor problems, but we mostly obtain positive re-
sults about JFK. For this purpose, we develop ideas and techniques that should be
useful more generally in the specification and verification of security protocols.
|
