Computer network security is critical to fraud prevention and accountability. Network participants are required to observe predefined steps called security protocols, whose proof of correctness is evidence that each protocol step preserves some desired properties.

The author investigates proofs of correctness of realistic security protocols in a formal, intuitive setting. The protocols examined include Kerberos versions, smartcard protocols, non-repudiation protocols, and certified email protocols. The method of analysis, the Inductive Method in the theorem prover Isabelle, turns out to be both powerful and flexible. This research advances significant extensions to the method of analysis, while the findings on the protocols analysed are novel and illuminating.

This book will benefit researchers and graduate students in the fields of formal methods, information security, inductive methods, and networking.

The Analysis of Security Protocols.- The Inductive Method.- Verifying the Protocol Goals.- The Principle of Goal Availability.- Modelling Timestamping and Verifying a Classical Protocol.- Verifying a Deployed Protocol.- Modelling Agents' Knowledge of Messages.- Verifying Another Deployed Protocol.- Modelling Smartcards.- Verifying a Smartcard Protocol.- Modelling Accountability.- Verifying Two Accountability Protocols.- Conclusions.