T. Fabrega, J. Herzog, and J. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 160--171, Oakland, CA, May 1998. IEEE Computer Society Press.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....which employ (n 1) st level protocols. In turn, classical authentication protocols can be seen as first level protocols, which adopt 0 level protocols, the transfer protocols. The verification of authentication protocols can be considered mature. Innumerable approaches have been taken [8, 11, 12, 14, 16]; a wide variety of protocols can be formalised; the verification is often highly or fully automated. However, second level protocols raise new challenges for formal verification. We briefly outline them here. Underlying goals. It is not obvious how to treat the goals made available by the ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand Spaces: Why is a Security Protocol Correct? In Proc. of the 17th IEEE Sym. on Sec. and Privacy. IEEE Comp. Society Press, 1998.

.... and hence that n is kept secret, it is sucient to prove that each rule of the protocol indeed preserve the guardedness of n, without having to care about what the spy can do (which is taken into account once and for all in the proof of the theorem) This departs from proofs in strand spaces [10] or with coideals [7] where it is necessary to step back into the protocol rules, including the rules for the spy, in order to explore every possibility of how certain message elds could have been published. We applied our results to several well known protocols: Needham Schoeder Lowe [17, 14] ....

J. Guttman, J. Herzog, and J. Thayer. Strand spaces: Why is a security protocol correct? In Proc. of the IEEE Symp. on Security and Privacy, 1998.

....which employ (n 1) st level protocols. In turn, classical authentication protocols can be seen as first level protocols, which adopt 0 level protocols, the transfer protocols. The verification of authentication protocols can be considered mature. Innumerable approaches have been taken [7, 10, 11, 13, 14]; a wide variety of protocols can be formalized; the verification is often highly or fully automated. However, second level protocols raise new challenges for formal verification. We briefly outline them here. Underlying goals. It is not obvious how to treat the goals made available by the ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand Spaces: Why is a Security Protocol Correct? In Proc. of the 17th IEEE Sym. on Sec. and Privacy. IEEE Comp. Society Press, 1998.

.... is related to the verification of an entity s claimed identity [1] while message authentication should make it possible for the receiver of a message to ascertain its origin [2] In recent years there have been some formalizations of these di#erent aspects of authentication (see, e.g. [3, 4, 5, 6, 7, 8, 9, 16]) These formalizations are crucial for proofs of authentication properties, that sometimes have been automatized (see, e.g. 10, 11, 12, 13, 14] # This work has been partially supported by MURST Progetto TOSCA, Progetto AI, TS CFA and Progetto Metodi formali per la Sicurezza . We here ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. "Strand Spaces: Why is a Security Protocol Correct?". In Proc. of the 1998.

....environment. However, the details may be di#cult to grasp as admitted by the authors: If you get lost in the formal passages of the paper, the cleartext nearby may help hopefully the informal explanations convey the gist of what is being accomplished [2] Strand Spaces A recent approach [40] rests on the notion of strand, which records a protocol history from the viewpoint of a single peer. Therefore, a strand is the sequence of events (message sending or receiving) concerning a peer of a protocol. This di#ers from Paulson s notion of trace (see next chapter) which records a ....

....strand in which the spy sends an unguessable component prior to its reception. Proofs are carried out by induction on a bundle and their philosophy is reasonably easy to grasp. The treatment, entirely carried out by pen and paper, is only applied to the three classical protocols Needham Schroeder [40], Otway Rees and Yahalom [39] Applications to further protocols are expected. Abstract State Machines Gurevich s Abstract State Machines, ASMs in brief [28] formerly known as Evolving Algebras [46] are born as a general purpose formalism that should be more flexible than a Turing machine but ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand Spaces: Why is a Security Protocol Correct? In Proceedings of the 17th IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1998.

.... is related to the verification of an entity s claimed identity [20] while message authentication should make it possible for the receiver of a message to ascertain its origin [28] In recent years there have been some formalizations of these different aspects of authentication (see, e.g. [1, 8, 14, 16, 17, 21, 27]) These formalizations are crucial for proofs of authentication properties, that sometimes have been automatized (see, e.g. 11, 18, 23, 22, 25] A typical approach presented in the literature is the following. First, a protocol is specified in a certain formal model. Then the protocol is shown ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. "Strand spaces: Why is a security protocol correct?" In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 160-- 171, 1998. IEEE Press.

....those of the static analysis. We maintain soundness because we proved the static analysis to be sound (but of course not complete) with respect to the dynamic semantics. The analysis leading to the hardest attacker can be compared with the approaches of the Dolev Yao tradition [10] including [5, 23, 12]. Indeed, the analyses performed in these studies amount to an informal analysis of the capabilities of the attacker, leading to an inductively defined behaviour. Such an analysis is not straightforward when the computational capabilities are modified, such as when adding mobility. The advantage ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand Spaces: Why is a security protocol correct? In Proceedings of 1998 IEEE Symposium on Security and Privacy, pages 160--171. IEEE Press, 1998.

....this line to directly verify protocols in an operational setting. The model checking approach is also oriented towards an operational approach, e.g. Interrogator [26] and mur# [27] Here a finite state automaton is built to represent the behaviour of the protocol, occasionally modelling causality [16], and an exhaustive search is performed to verify that each reachable state enjoys the desired modal formula. Lowe [22] specified protocols in CSP and exploited the operational semantics to construct their (finite) models thereby discovering the man in the middle attack in the public key ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? In Proc. Conf. on Security and Privacy, pp. 160--171, 1998. IEEE Press.

....analysis techniques. It should be clear how to adapt other model checking techniques, such as the NRL Protocol Analyzer [Mea96] or Mur# [MMS97] by rearranging the channels as described in Section 4. For other techniques, such as those based upon theorem proving [Pau98, Coh00] Strand Spaces [FHG98] and Rank Functions [Sch97] it appears harder: it is easy enough to specify that the intruder receives only messages that are intended for it, and that honest agents accept only messages sent by the claimed sender; however, capturing the bu#ering between honest agents in a straightforward way ....

F.J.T. Fabrega, J.C. Herzog, and J.D. Guttman. Strand Spaces: Why is a security protocol correct? In Proceedings of IEEE Symposium on Security and Privacy, pages 160--171, 1998.

....MS in the future) Security properties, such as secrecy and authentication, can be characterized as reachability problems; in MS it is shown how to convert a reachability problem into a constraint solving problem. They use the strand space model (originally developed by Thayer, Herzog and Guttman [21]) for honest processes, and a term set closure characterization for the attacker. One limitation of this approach is that the number of sessions of the protocol must be bounded. This is the price one must pay for an automatic full decision procedure. At the University of Twente, we have ....

....terms. The only exception to this rule is that we follow the standard security notation in which names of principals are denoted by uppercase letters (A, B, I) Parametric strands We now introduce in an informal way the basic notions used in the sequel. For a more formal approach we refer to [30, 21, 39]. Given a term t, t and are events, in particular t is a send event, and is a receive event; in both cases, t is the contents of the message. Messages are built according to the free algebra generated by the following operators (we show in parenthesis the notation adopted in the ....

J.C. Herzog F.T. Fabrega and J.D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of The 1998 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1998.

....all based on the informal language of arrows and messages, widely used in the security community. For instance, an arrows andmessages picture of Lowe s variant [12] of the Needham Schroeder public key protocol [20] which we will refer to as NSL, might look something like Figure 1. Strand spaces [6] have been developed in an effort towards formalizing this language. The messages are captured in a term calculus, and decorated by and , respectively denoting the send and the receive actions. The roles are then presented as sequences of such actions, called strands. Viewed as a strand space, ....

....about imperative programs [7, 9] As in Floyd Hoare logic, we have axioms that correspond to each action in the calculus, though we use only post conditions, not pre conditions. As explained in Section 2, our process calculus developed from an effort to refine the strand space formalism [6] by variables and substitution. Strand spaces seemed attractive as a variant of the natural language of arrows and messages ; unfortunately, they did not support the logical annotations that we wanted to add to protocols. In concrete analyses, each strand would actually represent a family of ....

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998.

No context found.

T. Fabrega, J. Herzog, and J. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 160--171, Oakland, CA, May 1998. IEEE Computer Society Press.

No context found.

Fabrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press (1998) 160--171

No context found.

J. Guttman, J. Herzog, and J. Thayer. Strand spaces: Why is a security protocol correct? In Proceedings of the IEEE Symposium on Security and Privacy, 1998.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? 1998 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos 1998, 160-171.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct?

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand Spaces: Why is a Security Protocol Correct? In Proceedings of the 17th IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1998.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998.

No context found.

F.J.T. Fbrega, J.C. Herzog and J.D. Guttman, Strand spaces: Why is a security protocol correct? in: Proceedings of the

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman, "Strand Spaces: Why is a Security Protocol Correct?," 1998.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand Spaces: Why is a Security Protocol Correct? In Proc. of the 17th IEEE Symposium on Security and Privacy. IEEE Press, 1998.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? 1998 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos 1998, 160-171.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? 1998 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos 1998, 160-171.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. "Strand Spaces: Why is a Security Protocol Correct ?". In Proceedings of the 1998.

No context found.

F. J. T. Fabrega, J. C. Herzog, and J. D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of the 1998.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC