Date Added: Jul 2010
The authors present a computationally sound first-order system for security-analysis of protocols that places secrecy of nonces and keys in its center. Even trace properties such as agreement and authentication are proven via proving a non-trace property, namely, secrecy first with an inductive method. This results a very powerful system, the working of which they illustrate on the agreement and authentication proofs for the Needham-Schroeder-Lowe publickey and the amended Needham-Schroeder shared-key protocols in case of unlimited sessions. Unlike other available formal verification techniques, computational soundness of the approach does not require any idealizations about parsing of bitstrings or unnecessary tagging. In particular, they have control over detecting and eliminating the possibility of type-flaw attacks.