@InProceedings{	  matsuo.ea:how:2010,
  abstract	= {Governments and international standards bodies have
		  established certification procedures for security-critical
		  technologies, such as cryptographic algorithms. Such
		  standards have not yet been established for cryptographic
		  protocols and hence it is difficult for users of these
		  protocols to know whether they are trustworthy. This is a
		  serious problem as many protocols proposed in the past have
		  failed to achieve their stated security properties. In this
		  paper, we propose a framework for certifying cryptographic
		  protocols. Our framework specifies procedures for both
		  protocol designers and evaluators for certifying protocols
		  with respect to three different assurance levels. This
		  framework is being standardized as ISO/IEC 29128 in ISO/IEC
		  JTC1 SC27/WG3, in which three of the authors are project
		  co-editors. As a case study in the application of our
		  proposal, we also present the plan for the open evaluation
		  of entity-authentication protocols within the CRYPTREC
		  project. Keyword: Cryptographic protocols, formal
		  verification, standardization},
  address	= {Tenerife, Canary Islands, Spain},
  author	= {Shin’ichiro Matsuo and Kunihiko Miyazaki and Akira Otsuka
		  and David Basin},
  booktitle	= {FC 2010 Workshops, RLCPS, WECSR, and WLC 2010},
  language	= {USenglish},
  month		= 01,
  note		= {Booktitle: Financial Cryptography and Data Security},
  pages		= {182--194},
  publisher	= {Springer},
  series	= {LNCS},
  title		= {How to Evaluate the Security of Real-life Cryptographic
		  Protocols? The cases of ISO/IEC 29128 and CRYPTREC},
  volume	= 6054,
  year		= 2010,
  user		= {bgeiser}
}