Tamarin Prover

Tamarin Prover
Original author(s)	David Basin, Cas Cremers, Jannik Dreier, Simon Meier, Ralf Sasse, Benedikt Schmidt
Developer(s)	Cas Cremers, Jannik Dreier, Ralf Sasse
Initial release	April 24, 2012
Stable release	1.4.1 / January 18, 2019
Repository	github.com/tamarin-prover/tamarin-prover
Written in	Haskell
Operating system	Linux, macOS
Available in	English
Type	Automated reasoning
License	GNU GPL v3
Website	tamarin-prover.github.io

Tamarin Prover is a computer software program for formal verification of cryptographic protocols.^[1] It has been used to verify Transport Layer Security 1.3,^[2] ISO/IEC 9798,^[3] DNP3 Secure Authentication v5,^[4] WireGuard,^[5]^[6]^[7]^[8] and the PQ3 Messaging Protocol of Apple iMessage.^[9]

Tamarin is an open source tool, written in Haskell,^[10] built as a successor to an older verification tool called Scyther.^[11] Tamarin has automatic proof features, but can also be self-guided.^[11] In Tamarin lemmas that representing security properties are defined.^[12] After changes are made to a protocol, Tamarin can verify if the security properties are maintained.^[12] The results of a Tamarin execution will either be a proof that the security property holds within the protocol, an example protocol run where the security property does not hold, or Tamarin could potentially fail to halt.^[12]^[10]

References

^ Blanchet, B. (2014). Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif. In: Aldini, A., Lopez, J., Martinelli, F. (eds) Foundations of Security Analysis and Design VII. FOSAD FOSAD 2013 2012. Lecture Notes in Computer Science, vol 8604. Springer, Cham.
^ Cremers, Cas; Horvat, Marko; Scott, Sam; van der Merwe, Thyla (2016). "Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication". IEEE Symposium on Security and Privacy, 2016, San Jose, CA, USA, May 22-26, 2016. IEEE S&P 2016. pp. 470–485. doi:10.1109/SP.2016.35. ISBN 978-1-5090-0824-7.
^ Basin, David; Cremers, Cas; Meier, Simon (2013). "Provably repairing the ISO/IEC 9798 standard for entity authentication" (PDF). Journal of Computer Security. 21 (6): 817–846. doi:10.3233/JCS-130472. hdl:20.500.11850/69793.
^ Cremers, Cas; Dehnel-Wild, Martin; Milner, Kevin (2017). "Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5" (PDF). Computer Security - ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part I. ESORICS 2017. Oslo, Norway: Springer. pp. 389–407. doi:10.1007/978-3-319-66402-6_23. ISBN 978-3-319-66401-9.
^ Donenfeld, Jason A.; Milne, Kevin (2018), Formal Verification of the WireGuard Protocol (PDF), archived (PDF) from the original on 2023-05-28, retrieved 2023-11-23; Donenfeld, Jason A., Formal Verification, archived from the original on 2023-11-13, retrieved 2023-11-23
^ Schmidt, Benedikt; Meier, Simon; Cremers, Cas; Basin, David (2012). "Automated analysis of Diffie-Hellman protocols and advanced security properties" (PDF). 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, June 25-27, 2012. CSF 2012. Cambridge, MA: IEEE Computer Society. pp. 78–94.
^ Schmidt, Benedikt (2012). Formal analysis of key exchange protocols and physical protocols (PhD thesis). ETH Zurich. doi:10.3929/ethz-a-009898924. hdl:20.500.11850/72713.
^ Meier, Simon (2012). Advancing automated security protocol verification (PhD thesis). ETH Zurich. doi:10.3929/ethz-a-009790675. hdl:20.500.11850/66840.
^ Basin, David; Linker, Felix; Sasse, Ralf, A Formal Analysis of the iMessage PQ3 Messaging Protocol (PDF), archived (PDF) from the original on 2024-02-28, retrieved 2024-03-06
^ ^a ^b P. Remlein, M. Rogacki and U. Stachowiak, "Tamarin software – the tool for protocols verification security," 2020 Baltic URSI Symposium (URSI), Warsaw, Poland, 2020, pp. 118-123, doi: 10.23919/URSI48707.2020.9254078.
^ ^a ^b Colin Boyd, Anish Mathuria, Douglas Stebila. "Protocols for Authentication and Key Establishment", Second Edition Springer, 2019. pg 48
^ ^a ^b ^c Celi, Sofía, Jonathan Hoyland, Douglas Stebila, and Thom Wiggers. "A tale of two models: Formal verification of KEMTLS via Tamarin." In European Symposium on Research in Computer Security, pp. 63-83. Cham: Springer Nature Switzerland, 2022.

External links

Tamarin Prover official website
David Wong created an introductory video on the Tamarin Prover.

[1] Blanchet, B. (2014). Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif. In: Aldini, A., Lopez, J., Martinelli, F. (eds) Foundations of Security Analysis and Design VII. FOSAD FOSAD 2013 2012. Lecture Notes in Computer Science, vol 8604. Springer, Cham.

[tls1.3-2] Cremers, Cas; Horvat, Marko; Scott, Sam; van der Merwe, Thyla (2016). "Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication". IEEE Symposium on Security and Privacy, 2016, San Jose, CA, USA, May 22-26, 2016. IEEE S&P 2016. pp. 470–485. doi:10.1109/SP.2016.35. ISBN 978-1-5090-0824-7.

[isoiec-9798-3] Basin, David; Cremers, Cas; Meier, Simon (2013). "Provably repairing the ISO/IEC 9798 standard for entity authentication" (PDF). Journal of Computer Security. 21 (6): 817–846. doi:10.3233/JCS-130472. hdl:20.500.11850/69793.

[DNP3-4] Cremers, Cas; Dehnel-Wild, Martin; Milner, Kevin (2017). "Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5" (PDF). Computer Security - ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part I. ESORICS 2017. Oslo, Norway: Springer. pp. 389–407. doi:10.1007/978-3-319-66402-6_23. ISBN 978-3-319-66401-9.

[WGFV-5] Donenfeld, Jason A.; Milne, Kevin (2018), Formal Verification of the WireGuard Protocol (PDF), archived (PDF) from the original on 2023-05-28, retrieved 2023-11-23; Donenfeld, Jason A., Formal Verification, archived from the original on 2023-11-13, retrieved 2023-11-23

[6] Schmidt, Benedikt; Meier, Simon; Cremers, Cas; Basin, David (2012). "Automated analysis of Diffie-Hellman protocols and advanced security properties" (PDF). 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, June 25-27, 2012. CSF 2012. Cambridge, MA: IEEE Computer Society. pp. 78–94.

[schmidt-thesis-7] Schmidt, Benedikt (2012). Formal analysis of key exchange protocols and physical protocols (PhD thesis). ETH Zurich. doi:10.3929/ethz-a-009898924. hdl:20.500.11850/72713.

[meier-thesis-8] Meier, Simon (2012). Advancing automated security protocol verification (PhD thesis). ETH Zurich. doi:10.3929/ethz-a-009790675. hdl:20.500.11850/66840.

[9] Basin, David; Linker, Felix; Sasse, Ralf, A Formal Analysis of the iMessage PQ3 Messaging Protocol (PDF), archived (PDF) from the original on 2024-02-28, retrieved 2024-03-06

[Remlein2020-10] P. Remlein, M. Rogacki and U. Stachowiak, "Tamarin software – the tool for protocols verification security," 2020 Baltic URSI Symposium (URSI), Warsaw, Poland, 2020, pp. 118-123, doi: 10.23919/URSI48707.2020.9254078.

[Boyd2019-11] Colin Boyd, Anish Mathuria, Douglas Stebila. "Protocols for Authentication and Key Establishment", Second Edition Springer, 2019. pg 48

[Celi2022-12] Celi, Sofía, Jonathan Hoyland, Douglas Stebila, and Thom Wiggers. "A tale of two models: Formal verification of KEMTLS via Tamarin." In European Symposium on Research in Computer Security, pp. 63-83. Cham: Springer Nature Switzerland, 2022.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

Tamarin Prover

See also

References

External links