P. Syverson and I. Cervesato. The logic of authentication protocols. In R. Foccardi and R. Gorrieri, editors, Foundations of Security Analysis and Design: Tutorial Lectures. LNCS 2171, 2001.  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... As a prerequisite for that, is to re cast our current development on existing operational models for cryptographic protocols like Strand Spaces [25, 23] spi calculus [1] CCS and CSP based models [10, 17] Finally, relationships with approaches based on type systems [11, 2, 12, 2, 3] and logics [7, 24] deserve to be made. ....

Paul Syverson and Iliano Cervesato. The logic of authentication protocols. Lecture Notes in Computer Science, 2171, 2001.

....them worth presenting. Section 3.1 discusses a family of modal logics used to investigate whether authentication protocols meet their goals, and to understand the assumptions that underpin them. We will discuss three such logics, the BAN logic [27] the GNY logic [58] and the newer SVO logic [136, 131]. When reasoning about security in a distributed system, messages are assigned meaning, depending on their contents, which keys have been used (for which purpose) and so on. A theory of authentication and delegation is needed to describe the meaning of messages and the rles participants have in a ....

....was meant to meet [14, 3, 15] One of the reasons is the difficulty of expressing precisely what the goals are. The remedy we will discuss here, is logics of authentication, with which protocols can be analyzed for correctness. No more than some core ideas are presented, not the logics in full [131, 27, 58, 136]. Surveys of formal approaches to protocol design and verification can be found in [91, 60, 30] An unpublished but continuously updated survey of authentication protocols is available as [33] 3.1.1 The BAN logic The BAN logic is a logic for authentication protocols, and it enables an ....

[Article contains additional citation context not shown here]

SYVERSON, P., AND CERVESATO, I. The logic of authentication protocols. In Proceedings of 9th International Conference on Cooperative Information Systems (Trento, Italy, Sept. 2001), C. Batini, F. Giunchiglia, P. Giorgini, and M. Mecella, Eds., vol. 2172 of Lecture Notes in Computer Science, Springer Verlag.

.... is similar to that found in the # calculus [27] and is modeled here similar to an encoding of the # calculus into linear logic [23] Example 2 [Needham Schroeder Shared Key Protocol ] To consider a more interesting example, consider the Needham Schroeder Shared Key protocol presented in Figure 1 [30] and the rough translation of it into linear logic given in Figure 2. Notice that two shared keys are used in this example and that the server creates a new key that is placed within data and is then used S: A, B, nA Message 2 S nA , B, kAB , kAS Message 4 B nB kAB ....

P. Syverson and I. Cervesato. The logic of authentication protocols. In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume LNCS 2171. Springer-Verlag, 2001. 10

....used to communicate between them and form inferences such as if a message arrives encrypted with a key known only to me and machine M, and I did not send it originally, then it must have been sent by M . Such reasoning is informal, which can be seen as a weakness. For this reason, some See [36] for a long discussion on such issues. JOURNAL OF TELECOMMUNICATIONS logics of belief, aiming at formalizing such inferences, have been proposed. The first of these was the so called BAN logic from Burrows, Abadi and Needham [9,10] which was followed by more expressive and elaborate extensions ....

Paul Syverson and Iliano Cervesato. The logic of authentication protocols. In Riccardo Focardi and Roberto Gorrieri, editors, FOSAD '00, volume 2171 of Lecture Notes in Computer Science. Springer, 2001.

....M. Every instance of the call to pubkey places a new nonce into the encrypted data and only Alice has the full key that makes it possible for her to ignore this nonce and only decode the message. For a more interesting example, we specify the Needham Schroeder Shared Key protocol (following [SC01]) in Figure 3. Notice that two shared keys are used in this example and that the server creates a new key that is placed within data and is then used for Alice and Bob to communicate directly. Notice also that it is easy to show that this protocol implements the specification (taken from Example ....

Paul Syverson and Iliano Cervesato. The logic of authentication protocols. In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume LNCS 2171. Springer-Verlag, 2001.

No context found.

P. Syverson and I. Cervesato. The logic of authentication protocols. In R. Foccardi and R. Gorrieri, editors, Foundations of Security Analysis and Design: Tutorial Lectures. LNCS 2171, 2001.

No context found.

I. Cervesato and P. F. Syverson. The logic of authentication protocols. In Foundations of Security Analysis and Design, LNCS 2171, pages 63--136. Springer-Verlag, 2001.

No context found.

P. Syverson and I. Cervesato. The logic of authentication protocols. In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, LNCS 2171. Springer-Verlag, 2001. 19

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC