CASRUL is a system for automatic verification of cryptographic protocols. It translates a protocol given in common abstract syntax into a rewrite system. This rewrite system can then be processed with a first order theorem prover for equational logic for the automatic detection of flaws. We have experimented our system on many protocols with the prover daTac, with computing times. We have succeded in finding a new type flaw in the Denning Sacco symmetric key protocol reported here. A description of the strategy implemented in CASRUL can be found here. CASRUL is part of the European Project AVISS, with objective to build a tool for efficient protocol analysis.   A specialised decision procedure called ATSE has also been  implemented  with computing times. This is a direct implementation of CASRUL search rules, with some data structure optimisations.
Contributors
Mehdi Bouallagui Yannick Chevalier Florent Jacquemard
Michaël Rusinowitch Mathieu Turuani
Laurent Vigneron
Presentation
1. Tutorial or pdf version
Related Publications
1. Compiling and verifying [LPAR00] 2. Decidability and complexity [CSFW01] 3. Lazy Verification of Security Protocols [ASE01] 4. Unbound Verification of Security Protocols [CAV02]
On Line Demo
Start demo
binaries
casrul-Linux-i386.tar.gz casrul-SunOs.tar.gz casrul-Win.zip
Theorem Prover
daTac
Experiments
daTac computing times ATSE computing times
Links
AVISPA Project
AVISS Project Homepage
Electronic Payment Schemes
Direction Centrale de la Sécurité des Systèmes d'Information
Computer Security Foundations Workshop
Cipher Newsletter