Why Informal Proofs Are Not Enough
Study protocol failures (Needham-Schroeder, WEP) caused by subtle flaws.
The Gap Between Design and Security
Protocol designers routinely produce informal security arguments — prose reasoning about why an attacker cannot succeed. History shows these arguments are frequently wrong, even for expert-designed protocols.
The Needham-Schroeder Protocol Failure
Needham-Schroeder (1978) was designed for mutual authentication. In 1995, Gavin Lowe found a man-in-the-middle attack using automated verification — 17 years after publication. The informal proof missed a subtle replay.
All lessons in this course
- Why Informal Proofs Are Not Enough
- Dolev-Yao Attacker Model & Symbolic Crypto
- ProVerif: Automated Protocol Verification
- Tamarin & Computational Proofs