© Springer-Verlag Berlin Heidelberg 2011
Some Remarks on Security Protocols Verification Tools
Mirosław Kurkowski¹, Adam Kozakiewicz² and Olga Siedlecka-Lamch³

¹ Institute of Computer Sciences, Cardinal Stefan Wyszynski University, Warsaw, Poland
² Military Communication Institute, Warsaw, Poland
³ Institute of Computer and Information Sciences, Czestochowa University of Technology, Czestochowa, Poland
m.kurkowski@uksw.edu.pl, a.kozakiewicz@wil.waw.pl, olga.siedlecka@icis.pcz.pl
Abstract. The correctness of security protocols is one of the main security problems connected with communication in computer networks. Several automatic tools for verifying properties of such protocols have been proposed and used. These tools make it possible to find weaknesses in many variants of the protocols proposed so far. However, the tools themselves are not entirely bug-free. In this paper, we investigate selected problems of well-known and widely used protocol verification tools such as AVISPA, Scyther, VerICS and PathFinder. We present a few examples of protocols that cannot be used in practice or do not ensure their security goals, yet are positively verified by some of these tools. We discuss the problems behind these observations and compare how different verification tools handle them.
Keywords: security protocols, verification, correctness.
1 Introduction
The average network user often does not realize that behind an ordinary exchange of views and information over the Internet lie complex mechanisms that protect their data. Communication protocols, and in fact their central part, the security protocols, provide the communicating parties with identification (authentication), distribution of new session keys, data encryption, and data security. The user not only does not have to know about this, but sometimes should not even know about it. It is sufficient that no one overhears or takes over the user's data. Meanwhile, protocols invented for the needs of new tools and systems conceal construction errors. Each such protocol, before being applied, must be properly verified, and for that purpose properly described (specified). For protocol verification, appropriate specification languages (expressing all the features of the protocol), formal models, and appropriate computational structures are needed. In the last twenty years, several such tools have been introduced and used, so perhaps we can consider the problem resolved. However, who can guarantee that these tools themselves work properly?