A review of Proverif as an automatic security protocol verifier

5.3 Usability

To our knowledge, no comparative study has been done in the area of the
usability of automatic security protocol verifiers. We decided to compare the
documentation (user manuals, example code) provided by the authors on the
website. With good documentation available, users can start using the verifier
more easily by exploring the examples and manuals provided.

ProVerif (v1.82) 12 provides a folder containing examples for both input languages
(Horn clauses and pi calculus). There is also a folder containing a manual
describing the input and output formats and a manual on how to upgrade
from an older version of ProVerif.

The website 13 of the AVISPA project provides a lot of input examples of existing
protocols for the HLPSL language in the form of the AVISPA Library. They also
provide a list of user-contributed protocol specifications. The authors provide
installation manuals for each of the tools in the toolkit, a general user manual
and a beginner's guide to the HLPSL language.

Scyther (1.0-beta7) 14. Scyther is relatively new and not much documentation
is available besides a short installation file. The author does provide an exercise
set for students with six exercises in it.

We could not find much information on the process of modeling the protocol
into the input language of a verifier. We did find remarks of researchers who had
difficulty modeling protocols in ProVerif, relative to five other verifiers, even
though they had good knowledge of the protocols [18].

Because ProVerif provides the essential information, such as an installation
guide, a description of input formats and protocol examples, we think that
ProVerif has good documentation. The lack of information for Scyther makes
it difficult for a beginner to start using the automatic security protocol verifier.
We think that the use of user-contributed protocol specifications, like those of the
AVISPA Project, can get more people to use ProVerif. For example, beginners
can learn from the examples and comments given by others.

6 Conclusion

In this paper, we have performed an analysis of some factors that might influence
the usefulness and popularity of the automatic protocol verifier ProVerif.
After discussing the particular aspects of ProVerif, we looked at some practical
applications of ProVerif for protocol verification. We have surveyed the literature
on the limitations of ProVerif, and we briefly summarized some of the work on
comparison of protocol verifiers.

12 ProVerif v.1.82. Download: http://www.proverif.ens.fr
13 AVISPA Project. Download: http://www.avispa-project.org
14 Scyther 1.0-beta7. Download: http://people.inf.ethz.ch/cremersc/scyther/index.html