Catherine Meadows, "Applying Formal Methods to the Analysis of a Key Managment
Protocol,'' The Journal of Computer Security," vol 1, no 1, Jan. 1992.
<a href="1992meadows-jcs.ps">
 PostScript</a>


<blockquote>
In this paper we develop methods for analyzing key management
and authentication protocols
using techniques developed for the solutions of equations in
a term rewriting system.
In particular, we describe a model of a class of protocols
and possible attacks on those protocols as term rewriting systems,
and we also describe a software tool based on a narrowing algorithm
that can be used in the analysis of such protocols.
We formally model a protocol and describe
the results of using these techniques
to analyze security properties.
We show how a security flaw was found, and we also describe the
verification of a corrected scheme using these techniques.
</blockquote>