Verifying multicast-based security protocols using the inductive method

Abstract

Multicast, originally designed as an efficient way of broadcasting content, is being used in security protocols. Multicast security protocols are difficult to verify using model checking because they typically involve a large number of participants. Likewise, the exponential growth of knowledge being distributed during protocol run is a challenge. From a specification point of view, multicast is also a general way of representing message casting in protocol verification, with unicast, anycast and broadcast as special cases. Using the inductive method of protocol verification and Isabelle/HOL, we have devised techniques for specifying multicast protocols and proving many of their essential properties. We show backwards compatibility revisiting a well-known protocol and secrecy proofs for a mixed environment protocol as a case study. Our contributions are twofold: a usable multicast specification using the inductive method and the assertion that protocols should be verified by default using a multicast specification.