A Mechanized Logic for Secure Key Escrow Protocol Verification

. Reasoning about key escrow protocols has increasingly become an important issue. The Escrowed Encryption Standard (EES) has been proposed as a US government standard for the encryption of unclassified telecommunications. One unique feature of this system is key escrow. The purpose of key escrow is to allow government access to session keys shared by EES devices. We develop a framework to formally specify and verify the correctness of key escrow protocols that we mechanize within the HOL theorem proving system. Our logic closely follows the logic, SVO , used for analyzing cryptographic protocols which was developed by Syverson and vanOorschot [13]. Using the HOL mechanization of SVO , we formally demonstrate the failure of the EES key escrow system by showing that it does not insure that the escrow agent receives correct information. This was previously shown experimentally [2]. Last, we offer an alternative escrow protocol and demonstrate its correctness. 1 Introduction Several logi..