# Developing Security Protocols by Refinement

 Title: Developing Security Protocols by Refinement Authors: Christoph Sprenger (sprenger /at/ inf /dot/ ethz /dot/ ch) and Ivano Somaini Submission date: 2017-05-24 Abstract: We propose a development method for security protocols based on stepwise refinement. Our refinement strategy transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder. As intermediate levels of abstraction, we employ messageless guard protocols and channel protocols communicating over channels with security properties. These abstractions provide insights on why protocols are secure and foster the development of families of protocols sharing common structure and properties. We have implemented our method in Isabelle/HOL and used it to develop different entity authentication and key establishment protocols, including realistic features such as key confirmation, replay caches, and encrypted tickets. Our development highlights that guard protocols and channel protocols provide fundamental abstractions for bridging the gap between security properties and standard protocol descriptions based on cryptographic messages. It also shows that our refinement approach scales to protocols of nontrivial size and complexity. BibTeX: @article{Security_Protocol_Refinement-AFP, author = {Christoph Sprenger and Ivano Somaini}, title = {Developing Security Protocols by Refinement}, journal = {Archive of Formal Proofs}, month = may, year = 2017, note = {\url{https://isa-afp.org/entries/Security_Protocol_Refinement.html}, Formal proof development}, ISSN = {2150-914x}, } License: GNU Lesser General Public License (LGPL) Status: [ok] This is a development version of this entry. It might change over time and is not stable. Please refer to release versions for citations.