S.D. Stoller. A reduction for automated verification of authentication protocols. In Workshop on Formal Methods and Security Protocols, July 1999.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....quickly. Currently, the theory developed is only applicable to secrecy properties and is quite restrictive upon the class of protocols handled. However, it is believed that this work can be extended to address authentication properties, as well as relaxing some of the necessary conditions. In [Sto99] Stoller looks at a similar question: How can one reduce the problem of proving the correctness of a protocol of arbitrary size to one of a small finite size His approach involves calculating thresholds upon the protocols beyond which the result of the analysis remains unchanged. Once again, ....

S.D. Stoller. A reduction for automated verification of authentication protocols. In Workshop on Formal Methods and Security Protocols, July 1999.

....is executed in isolation, then it still achieves the same security goal when executed in combination with the second protocol. One of the advantages of our approach is that the result works for all secrecy and authentication goals; in this it continues a trend visible from several recent papers [16, 11, 26, 25, 10]. Section 2 introduces some background, summarizing the basic ideas and notation of strand spaces (with more detail in Appendix A and [28] Section 3 introduces some notions not used in [28] multiprotocol strand spaces were introduced in [27] and new components are emphasized in [7] Section ....

Scott Stoller. A reduction for automated verification of authentication protocols. In Workshop on Formal Methods and Security Protocols, July 1999. Available at http://www.cs.indiana.edu/stoller/.

....executed in isolation, then it still achieves the same security goal when executed in combination with the secondary protocol. One of the advantages of our approach is that the result works for all secrecy and authentication goals; in this it continues a trend visible from several recent papers [31, 21, 45, 44, 19]. We have an additional reason for including this 56 material here: It is a good example of the power of the machinery of paths and well behaved bundles developed in Section 4. 6.2 Multiprotocol Strand Spaces To represent multiple protocols [46] we select some regular strands as being runs of ....

Scott Stoller. A reduction for automated verification of authentication protocols. In Workshop on Formal Methods and Security Protocols, July 1999. Available at http://www.cs.indiana.edu/stoller/. 65

....that was analyzed. Under certain restrictive assumptions about the protocol, Lowe has shown that it is sufficient to analyze a small system with one honest agent in each role, each of whom can run the protocol just once with the other honest agents [1] Some upper bounds are given by Stoller [8]. The purpose of this paper is to give an example of a flawed protocol with the property that, to find an attack, it is necessary to analyze a system with at least two processes running the same role for the same principal. Furthermore, the two processes must run concurrently; that is, the ....

S. D. Stoller, "A reduction for automated verification of authentication protocols," Technical Report 520, Computer Science Department, Indiana University, 1998.

....that was analyzed. Under certain restrictive assumptions about the protocol, Lowe has shown that it is sufficient to analyze a small system with one honest agent in each role, each of whom can run the protocol just once with the other honest agents [1] Some upper bounds are given by Stoller [7]. The purpose of this paper is to give an example of a flawed protocol with the property that, to find an attack, it is necessary to analyze a system with at least two processes running the same role for the same principal. Furthermore, the two processes must run concurrently; that is, the ....

.... Con(X, Con(Y, Nonce(Z) 2] ffgg(cons(E, H) 3] member(E2Z, H2) 4] extends (H, cons(E4Y, H2) 5] E2Z = Said(B, A, Con(Nonce(2) Con(Agent(B) Con(Nonce(Z) Nonce(N2) 6] E4Y = Said(B, A2, Con(Nonce(4) Con(Nonce(N1) Con(Nonce(Z) Ped(pub(B) Con(Nonce(Z) Con(X, Nonce(N1) [ 7] extends (H1, cons(E4Y, H2) 8] extends (H, cons(E3Z, H1) 9] ideal( secrets) X) 10] safe( secrets) initial) H) Rule Figure 3: The last case E E4Y E2Z E3Z H H1 H2 Figure 4: Trace extensions E2Z E3Z E4Y (E2Y) E Figure 5: Event ordering for which we conjecture (but have not ....

S. D. Stoller, "A reduction for automated verification of authentication protocols," Technical Report 520, Computer Science Department, Indiana University, 1998.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC