Casper Example Library

This page contains links to example Casper input files, investigating several well known protocols:

The Needham-Schroeder Public Key Protocol from [NS78]; finds the attack from [Low95].
The Andrew Protocol from [BAN89, Sat89]; finds the mirror attack from [Low96].
The Yahalom Protocol from [BAN89]; finds the attack from [Syv94].
The Wide Mouthed Frog Protocol from [BAN89]; finds three different attacks, including the ping-pong attack from [AN95].
The Kerberos Protocol from [MNSS87]; finds the attack from [BM90].
The version of the Otway Rees Protocol from [BAN89]; finds the attack from [BM93].
The TMN Protocol from [TMN90]; finds several attacks.

References:

[AN95] Ross Anderson and Roger Needham. Programming Satan's Computer. In J. van Leeuwen (ed.), Computer Science Today, LNCS 1000, Springer-Verlag, 1995.

[BAN89] Michael Burrows, Martín Abadi, and Roger Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233--271, 1989. Also available as Digital Equipment Corporation Systems Research Center report No. 39, 1989.

[BM90] S. M. Bellovin and M. Merritt. Limitations of the Kerberos authentication system. ACM Computer Communications Review, 20(5):119--132, 1990.

[BM93] Colin Boyd and Wenbo Mao. On a Limitation of BAN Logic. Springer Verlag LNCS 765, 1993.

[Low95] Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters, 56:131--133, 1995.

[Low96] Gavin Lowe. Some new attacks upon security protocols. In 9th IEEE Computer Security Foundations Workshop, pages 162-169, 1996.

[MNSS87] S. P. Miller, C. Neumann, J. I. Schiller, and J. H. Saltzer. Kerberos authentication and authorization system. Project Athena Technical Plan Section E.2.1, MIT, 1987. Available here

[NS78] Roger Needham and Michael Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993--999, 1978.

[TMN90] Makoto Tatebayashi and Natsume Matsuzaki and Newman, Jr. Key Distribution Protocol for Digital Mobile Communication Systems. Advances in Cryptology: Proceedings of Crypto~'89. LNCS 435, 1990.

[Sat89] M. Satyanarayanan. Integrating security in a large distributed system. ACM Transactions on Computer Systems, 7(3):247--280, 1989.

[Syv94] Paul Syverson. A taxonomy of replay attacks. In Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 131--136, 1994.

Gavin Lowe / OUCL / gavin.lowe@comlab.ox.ac.uk