AN INDUSTRIAL AND ACADEMIC JOINT EXPERIMENT ON AUTOMATED VERIFICATION OF A SECURITY PROTOCOL

This paper relates the collaboration between industrial and academic teams for the design and the verification of a security protocol. The protocol is about trust establishment in large communities of devices where infrastructure components are not always reachable. The collaboration covers the writing of formal specifications up to their verification, using both manual and automated verification methods embedded in the AVISPA [1] and SPAN [7] tools. At each stage, the use of the visualization and protocol animation facilities of SPAN is key to the mutual understanding of working teams. As a result, we obtain much more confidence in the security of the final protocol. We also demonstrate the usefulness of some embedded countermeasures.