P. Syverson. The use of logic in the analysis of cryptographic protocols. In Teresa Lunt and John McLean, editors, Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, May 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....conclusion about the source node s belief in the route s validity is false, we also argue that any such belief does not in itself constitute a claim that the protocol is secure. This work was first introduced in [16] It is widely accepted that logics of belief provide no guarantee of security [17, 18, 19]. Security protocol analyst Paul Syverson states, The goal of a logic such as that of Burrows, Abadi and Needham is to evaluate the trust that may rightly be placed in a protocol by 13 legitimate participants [18] It does not, however, say anything about the security of such protocols in ....

.... is widely accepted that logics of belief provide no guarantee of security [17, 18, 19] Security protocol analyst Paul Syverson states, The goal of a logic such as that of Burrows, Abadi and Needham is to evaluate the trust that may rightly be placed in a protocol by 13 legitimate participants [18]. It does not, however, say anything about the security of such protocols in hostile environments. As the designers of BAN themselves note, The restrictive, operational notion of belief that we have adopted would certainly be harmful in the study of security protocols [14] Furthermore, BAN ....

[Article contains additional citation context not shown here]

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proc. of the 1991.

....are formulated; 2) the protocol security goals are formulated; 3) the effect of the messages of the protocol is formalized in BAN and (4) finally, the final beliefs are shown to fulfill the goals. As a concluding remark we mention that currently, the semantics of BAN logic is under debate (cf. [10, 1, 49, 54]) At present, we cannot claim that the rules in many BAN logics are sound or complete. On the one hand, this questions the impact of the derived results (what does it mean that some string has been derived ) but on the other hand, strengthens the call for an adequate model. 2.2 Intensional ....

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings IEEE Symposium on Research in Security and Privacy, 1991.

....published approach of this class was BAN Logic [6] named after its inventors Burrows, Abadi and Needham. Various extensions and other approaches based on the same idea have been proposed since then [10, 12, 18, 24, 41, 53] Other logics based validation techniques for cryptographic protocols are [3, 4, 30, 37, 43, 44, 45, 46, 47]. One of the most successful approaches of this category is GNY Logic, which has been widely used to analyze cryptographic protocols since its publication [12] 2.3 Conclusion This chapter gave a brief introduction into principles of authentication. While data origin authentication aims to ....

P. Syverson. The Use of Logic in the Analysis of Cryptographic Protocols. In 1991.

....and communication. There are several formal methods to specify and analyze protocols. The most common is the process algebra approach [AG97a, AG98b, AG97b, BNP99, Hoa80, Low96, MMS02, MPW92, Mil99, MRTS01, Ros95, Sch98] but there are also logics for specification and verification of protocols, [AT91, BAN96, GM95, MCJ97, SC00, Syv91, SM96]. In this thesis we intend to design specify a protocol to implement e money. We intend to design an on line protocol, where the money is represented by electronic files that are issued by a trusted authority. These tokens have an identification and a fixed value that are issued by a trusted ....

P. Syverson. The use of logic in the analysis of cryptographic protocols. In T. Lunt and J. McLean, editors, Proceedings IEEE Symposium on Research in Security and Privacy, pages 156--170. IEEE Computer Society, 1991.

....are formulated; 2) the protocol security goals are formulated; 3) the effect of the messages of the protocol is formalized in BAN and (4) finally, the final beliefs are shown to fulfill the goals. As a concluding remark we mention that currently, the semantics of BAN logic is under debate (cf. [1, 43, 45, 9]) At present, we cannot claim that the rules in many BAN logics are sound or complete. On the one hand, this questions the impact of the derived results (what does it mean that some string has been derived ) but on the other hand, strengthens the call for an adequate model. 2.2 Intensional ....

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings IEEE Symposium on Research in Security and Privacy, 1991.

....non trivial security goals. Apart from automated translation, our experiences reveal the need for exible computer assistance to incorporate logical extensions and to guide proof construction in the adapted framework. Second, it is well known that the semantics of BAN logic is under debate (cf. [1, 15, 16, 3]) At present, we cannot claim that our rules are sound or complete. On the one hand, this questions the impact of the derived results (what does it mean that some string has been derived ) but on the other hand, strengthens the call for an adequate model. To our opinion the various proposed ....

P. Syverson, The Use of Logic in the Analysis of Cryptographic Protocols, in Proc. IEEE Symp. on Research in Security and Privacy, 1991.

....are formulated; 2) the protocol security goals are formulated; 3) the e ect of the messages of the protocol is formalized in BAN and (4) nally, the nal beliefs are shown to ful ll the goals. As a concluding remark we mention that currently, the semantics of BAN logic is under debate (cf. [1, 43, 48, 9]) At present, we cannot claim that 6 the rules in many BAN logics are sound or complete. On the one hand, this questions the impact of the derived results (what does it mean that some string has been derived ) but on the other hand, strengthens the call for an adequate model. 2.2 Intensional ....

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings IEEE Symposium on Research in Security and Privacy, 1991.

....published approach of this class was BAN Logic [6] named after its inventors Burrows, Abadi and Needham. Various extensions and other approaches based on the same idea have been proposed since then [10, 12, 18, 24, 41, 53] Other logics based validation techniques for cryptographic protocols are [3, 4, 30, 37, 43, 44, 45, 46, 47]. One of the most successful approaches of this category is GNY Logic, which has been widely used to analyze cryptographic protocols since its publication [12] 2.3 Conclusion This chapter gave a brief introduction into principles of authentication. While data origin authentication aims to ....

P. Syverson. The Use of Logic in the Analysis of Cryptographic Protocols. In

....in this chapter. While BAN Logic is widely accepted, Nessett s paper [NESS90] demonstrated a weakness in the use of BAN Logic for protocol verification. This triggered broad and often spirited discussions regarding cryptographic protocol goals, environments, and other categorizations [BAN90b] [SYV91], SNEK91] Moreover, in much the same way as Denning and Sacco [DS81] began the surge for examining cryptographic protocols, NESS90] challenged the very mechanisms used to evaluate protocols and triggered intense research in suitable CPV mechanisms [BAN90b] SYV91] SNEK91] As a result, CPV ....

.... categorizations [BAN90b] SYV91] SNEK91] Moreover, in much the same way as Denning and Sacco [DS81] began the surge for examining cryptographic protocols, NESS90] challenged the very mechanisms used to evaluate protocols and triggered intense research in suitable CPV mechanisms [BAN90b] [SYV91], SNEK91] As a result, CPV mechanisms are now subjected to the same level of scrutiny as the protocols they evaluate. Several fundamentally different mechanisms evolved in the research. In [MEA92] Meadows identifies the four major categories of protocol verification methodologies as: 1 Use ....

[Article contains additional citation context not shown here]

Syverson, P., "The Use of Logic in the Analysis of Cryptographic Protocols", From 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 156-170

....no more axioms or rules than the simplest of its predecessors. Syverson and van Oorschot also present a model theoretic semantics with respect to which the logic is sound. The importance of having an alternative, independently motivated semantics is emphasised by Syverson in [Syv90] Syv91b] [Syv91a], and [Syv92] A formal semantics provides a precise structure with respect to which soundness and completeness of the logic may be proven, and thus, which allows us to evaluate the logic. If a logic does not have an independently motivated semantics, then whatever assurances protocol analysis via ....

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings of the IEEE CS Symposium on Research in Security and Privacy, pages 156--170, 1991.

....Inference construction methods are utilising modal logics similar to those that have been developed for the analysis of the evolution of knowledge and belief in distributed systems. These methods are widely used [5] 6] 7] A number of specific problems are associated with them [8] 9] [10] [11] 12] related to: the analysis of zero knowledge protocols, the detection of parallel session multi role flaws, the transformation of messages and prepositions to idealised messages, the fact that there is no complete semantics for the logic, and the modelling of freshness. ....

....to discover flaws which violate security in a basic sense. Snekkenes examined the BAN logic s limitation of providing partial correctness proofs [56] Syverson described common misunderstandings about BAN logic s goals and explained a problem of informality in BAN logic s operational semantics [10]. For this reason, specific measures to formalise BAN logic have been proposed by Mao and Boyd [57] This formalisation is desirable, not only for its potential in providing rigorous analysis of security protocols, but, in addition, for its ability to support computer aided analysis. The most ....

Syverson P., The Use of Logic in the Analysis of Cryptographic Protocols, Proceedings of the 1991 IEEE Computer Security Symposium on Security and Privacy, (1991) 156-170, IEEE Computer Society Press.

....[4] 34] 35] include belief logics which are potentially much faster, capable of analysing large, complicated protocols that the attack construction tools are incapable of analysing in a reasonable time, and are widely used. A number of specific problems associated with them [27] 36] 37] 20] [38] range from their inability to analyse zero knowledge protocols or to address only authentication or to detect parallel session multi role flaws to the difficulty of transforming messages and prepositions to idealised messages. 3.2 Flaw detection by attack construction tools Flaw construction ....

Syverson P. The Use of Logic in the Analysis of Cryptographic Protocols. In: Proceedings of the 1991 IEEE Computer Security Symposium on Security and Privacy. IEEE Computer Society Press, 1991, pp. 156-170

....[AT91] SYV93a] While BAN Logic is widely accepted, Nessett s paper [NESS90] demonstrated a weakness in the use of BAN Logic for protocol verification. This triggered broad and often spirited discussions regarding cryptographic protocol goals, environments, and other categorizations [BAN90b] [SYV91], SNEK91] Moreover, in much the same way as Denning and Sacco [DENN81] opened Pandora s box for examining cryptographic protocols, NESS90] challenged the very mechanisms used to evaluate protocols and triggered intense research in suitable CPV mechanisms[BAN90b] SYV91] SNEK91] As a result, ....

.... [BAN90b] SYV91] SNEK91] Moreover, in much the same way as Denning and Sacco [DENN81] opened Pandora s box for examining cryptographic protocols, NESS90] challenged the very mechanisms used to evaluate protocols and triggered intense research in suitable CPV mechanisms[BAN90b] [SYV91], SNEK91] As a result, CPV mechanisms are now subjected to the same level of scrutiny as the protocols they evaluate. Several fundamentally different mechanisms have evolved in the research. In [MEA92] Meadows identifies the four major categories of mechanisms as: 1 Use of specification and ....

[Article contains additional citation context not shown here]

Syverson, P., "The Use of Logic in the Analysis of Cryptographic Protocol"., From 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 156-170

....88, 91] and several formal analysis techniques have been proposed. In particular, the use of predicate logic for the analysis of protocols was proposed by Burrows et al. 2 [11] and many extensions have since been published [13, 14, 25, 29, 69, 70] Others have been critical of the BAN logic [56, 74], and have proposed their own logics [42, 43, 46, 48, 49, 51, 53, 72, 74, 87, 91] This paper explores these logics and discusses the trade offs among them. 2 Terminology This section describes some of the terminology used in the rest of the paper. Because many researchers define their own terms ....

....have been proposed. In particular, the use of predicate logic for the analysis of protocols was proposed by Burrows et al. 2 [11] and many extensions have since been published [13, 14, 25, 29, 69, 70] Others have been critical of the BAN logic [56, 74] and have proposed their own logics [42, 43, 46, 48, 49, 51, 53, 72, 74, 87, 91]. This paper explores these logics and discusses the trade offs among them. 2 Terminology This section describes some of the terminology used in the rest of the paper. Because many researchers define their own terms and use different notations, we have standardized on the following definitions. ....

[Article contains additional citation context not shown here]

Paul Syverson. The use of logic in the analysis of cryptographic protocols. Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 156--170, May 1991.

....general, and can easily express the kind of correctness properties we have defined. Such generality is however not necessary and our goal is to precisely identify and define the kinds of assertions needed to specify correctness. The importance of semantics has also been emphasized by Syverson in [23, 24], but his focus is on logic rather than a general formalization of correctness. He gave similar observations on potential misinterpretations when correctness notions are insufficiently formalized. Finally, we would like to mention the work by Millen et al. 18] on the Interrogator protocol ....

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings of the 12th IEEE Symposium on Research in Security and Privacy, pages 156-- 170, Oakland, California, May 20--22 1991. IEEE Computer Society Press.

No context found.

Paul F. Syverson. The Use of Logic in the Analysis of Cryptographic Protocols. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 156--170. IEEE Computer Society Press, Los Alamitos, California, 1991. A corrected discussion of many of the issues in this paper appeared in [Syv92].

....Burrows et al. would no doubt contend that one includes a principal s belief in the goodness of a key only if she has reason to believe that it is good and no reason to think that it is not. Of course that is what we would like to do, but it is also what we are trying to determine how to do. Syv91] Certainly it is much too strong to say that the Nessett example shows the logic to be awed. It does highlight a place where one is expected to rely purely on the intuitive reasonableness of assumptions. However, it has not shown that this results in either a logical error or a practical ....

....Still, it would be nice to have a way to capture either formally or at least rigorously, the di erence between Nessett type protocols and those not awed in this way. Alice s action is inconsistent with the meaning of A believes A kAB B. What is needed is a way to re ect this mathematically [Syv91,Syv92] Suppose we could derive A believes C has kAB (for arbitrary C) Increasing expressiveness would let us formally demonstrate this. 2.5 Expanding beyond BAN In 1990, Gong, Needham, and Yahalom, introduced a new logic [GNY90] that extended BAN. This logic came to be known as GNY, following ....

Paul F. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pages 156-170. IEEE CS Press, May 1991.

....model of computation. Thus, this paper also presents a semantics underlying these logical expansions. 1 This will be of manifold advantage. First, some of these logics, including BAN itself, have been questioned before for lacking an independently motivated semantic foundation. cf. e.g. Syv91] Amongst other things, such a foundation can give us assurance that the reasoning in the logic is sound (i.e. false conclusions cannot be derived from true premises. BAN was essentially given such a semantic foundation by Abadi and Tuttle in [AT91] The model of computation and semantics ....

Paul F. Syverson. The Use of Logic in the Analysis of Cryptographic Protocols. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 156--170. IEEE Computer Society Press, Los Alamitos, California, 1991. A corrected discussion of many of the issues in this paper appeared in [Syv92].

No context found.

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Teresa Lunt and John McLean, editors, Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, May 1991.

No context found.

P. Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings IEEE Symposium on Research in Security and Privacy, 1991.

No context found.

Syverson, Paul, "The Use of Logic in the Analysis of Cryptographic Protocols", Proceedings of the 1991 IEEE Symposium On Research in Security and Privacy, pp. 156170.

No context found.

Paul Syverson. The use of logic in the analysis of cryptographic protocols. In Proceedings of 1991 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, California), pages 156--170, Los Alamitos, California, 1991. IEEE Computer Society Press.

No context found.

Syverson, P., "The Use of Logic in the Analysis of Cryptographic Protocol"., From 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 156-170

No context found.

Syverson, P., "The Use of Logic in the Analysis of Cryptographic Protocol"., From 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 156-170

No context found.

P. Syverson, "The Use of Logic in the Analysis of Cryptographic Protocols", Proceeding 1991 IEEE Symposium on Research in Security and Privacy, May 1991. 25

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC