[ Changed 28th January 1998 ]
Security protocols are used in the Internet, mobile phones, digital payment systems, etc. Their goals may be to keep data secret, to preserve it from tampering, or to prevent intruders from assuming somebody else's name. A faulty protocol can be attacked by simple means, such as replaying parts of old sessions, without brute-force codebreaking.
Researchers have developed tools to search for such attacks. However, failure to find attacks does not mean that a protocol is correct. Protocols and their goals are seldom specified formally, which makes it hard to say whether they are correct, even when possible attacks are pointed out.
The speaker will outline recent approaches to showing correctness, taking as an example a simple public-key protocol.