Michael Burrows, Martin Abadi, and Roger M. Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, Feb 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....(C. T. Huang) 1389 1286 03 see front matter # 2002El2bfiU] Science B.V.Al rights reserved. PII: S1389 1286 ( 02 ) 00326 2 Computer Networks 41 (2003) 57 71 www.elq]xb r. com l]x te comnet transition diagrams of theprotocol s, rather than on thewel llz[q BANlNbfi [2]. This is because we wanted to verify the protocol with timeout actions, and BANlNbfi can beonl y used in verifying ideal ized versions of the protocol without timeout actions. For curious readers, the verification ofideal ized versions of our protocol using BANlNb] can be found in [7] ....

Michael Burrows, Martin Abadi, Roger Needham, AlBkk of authentication, ACM Transactions on Computer Systems 8 (1) (1990) 18--36.

....variables of the principles. However, the user was not given any further assistance in constructing requirments. Probably the first formal cryptographic protocol analysis system to provide a real mechanism for constructing formal requirments was the belief logic of Burrows, Abadi, and Needham [5]. BAN logic does not address secrecy at all. Rather it confines itself to questions of authentication. Questions that BAN logic can be used to decide have to do with beliefs the participating principals could derive about origin and use of information such as: 1. Where does the information come ....

Michael Burrows, Mart'in Abadi, and Roger Needham. A Logic of Authentication. ACM Transactions in Computer Systems, 8(1):18--36, February 1990.

....logic occurred in many places. The firs presentation in a public forum was a TAFI.K in March of 1988 [BAN88] I was also presented a he firs CSFW in June of 1988. A revised and expanded version of he logic was given a SOSP in December of 1989 [BAN89b] Journal versions of his appeared in AnM TOnS [BAN90a] and in Proceedings of the Rolal Societal of London [BAN89c] The TOnS paper is an abbreviated version of he same material. The Proc. Rolal Societal paper is he one ypically cited by he authors. Our primary source is he he Digkal Systems Fl.esearch Cener repor [BAN89a] and all descriptions of ....

Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18 36, Feb 1990.

....formal expressions from a term algebra, the cryptographic (and other) operations are modeled as constructors of terms, and the adversaries abilities are defined by the structure of messages that are known to it. Some of the most prominent examples of this treatment of cryptographic protocols are [9, 8, 1]. In the other model, called the computational model Supported by Estonian Science Foundation grant #5279 [22, 10, 5] the messages are considered to be bit strings, the cryptographic operations are modeled as [probabilistic] functions over the set of bit strings, and the adversary can be any ....

Michael Burrows, Martn Abadi, and Roger M. Needham. A Logic of Authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990.

....time for a trivial local IPC request response pair, including three system calls and two task switches, is about 350 microseconds on an RT PC . The roundtrip time for a remote IPC is about 6. 5 milliseconds on QuickSilver, which is not as good as other implemen tations on similar hardware [17]. The difference is not due to support for transactions, but rather to the high latency (1.3 ms per packet) of the RT PC token ring An RT PC model 125 is rated at between 4 and 5 Dhrystone MIPS. adapter and to our implementation of CM as a process outside the kernel for software engineering ....

Michael D. Schroeder and Michael Burrows. Per- formance of Firefly RPC. ACM Transactions on Computer Systems, 8(1):1-17, February 1990.

....it seems desirable to write such proofs in a formal system. While such logics do not replace the recent techniques of automatic proofs of safety properties, they help in pointing the weaknesses of the system. In this paper, we present briefly the BAN (Burrows Abadi Needham) formal system [9, 10] as well as some derivative. We show how to prove some properties of a simple protocol, as well as detecting undesirable assumptions. We then explain how the manual search for proofs can be made automatic. Finally, we explain how the lack of proper semantics can be a bit worrying. Keywords ....

....which can be seen as a weakness. For this reason, some See [36] for a long discussion on such issues. JOURNAL OF TELECOMMUNICATIONS logics of belief, aiming at formalizing such inferences, have been proposed. The first of these was the so called BAN logic from Burrows, Abadi and Needham [9,10], which was followed by more expressive and elaborate extensions such as GNY (Gong, Needham and Yahalom [16,15] Syverson and van Oorschot [33,34] and CKT5 [8] One limitation of these logics is the need to annotate the protocols with logical assertions that are assumed to represent the intent ....

[Article contains additional citation context not shown here]

Michael Burrows, Mart n Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18-- 36, February 1990.

....directly find a trace of a possible attack, but it may not be clear what the protocol flaw really is. This work usually employs temporal logics or process algebras. A di#erent approach makes use of logics of belief or knowledge to specify and verifying both authentication protocols(see, e.g. [8, 1]) and payment protocols (e.g. see [7, 11, 14] The use of such logics requires no models of intruder, and allows one to find what the protocol flawis, allowing to specify (and check) security properties in a more natural way. However, in this approach, usually verification is ....

....is applied to BDI attitudes (i.e. Belief, Desire, and Intention) of agents. Our work aims at the use of MATL for modeling payment protocols and uses NuMAS for their verification. This goal is fulfilled in three steps. First, we capture traditional logics of authentication (e.g. as [1, 8, 18]) in MATL. Second, we extend the above work in order to capture typical issues of electronic payment protocols. MATL is expressive enough to fulfill both the previous steps. Third, we model principals participating to a payment protocol session as (concurrent finite state) processes able to ....

[Article contains additional citation context not shown here]

Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990. 311, 312, 314, 319

....[15] we also need to check whether the protocol itself is vulnerable if some nodes are misimplemented or malicious. Formal methods that automatically check specifications for vulnerabilities while a promising avenue for future research are not yet in widespread use beyond security protocols [5]. As an aside, the actual solution adopted in the ARPANET routing protocol was to revise the design to remove modulo sequence numbers; modern routing protocols such as OSPF and IS IS follow this lead. Linear sequence numbers were used instead, with a separate timeout based mechanism (that is, ....

Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems (TOCS), 8(1), Feb. 1990.

....to analyze these protocols in an attempt to find errors or to prove them correct. There are three basic approaches for verifying such protocols. One of the first attempts at formalizing the notion of a correct protocol was the Logic of Authentication, more commonly known as the BAN logic [BAN90] This logic proved useful in analyzing security protocols. Kindred and Wing helped to automate the use of this logic by developing a theory generator for it [KW97] However, one of the This research is sponsored by the National Science Foundation (NSF) under Grant No. CCR9505472 and the ....

....can be safely used. 7 Experimental Results The table shown in Figure 7 summarizes the results of applying partial reductions to a few protocols. We examined the 1KP secure payment protocol [BGH 95] the Needham Schroeder public key protocol [NS78] and the Wide Mouthed Frog protocol [BAN90,Sch96] Columns 2 and 3 give the number of initiator and responder sessions used in the model. The other columns give the number of states encountered during state space traversal using exhaustive search and search with partial order reductions. The entries with an X represents computations ....

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990.

....that of optimal for the Ultrix traces (as F varies) and at most 1.02 times that of optimal for the Sprite traces. 5 Related Work Caching has been studied extensively in the past and there is a large body of literature on caching ranging from theory [2, 8] to architecture [21] to file systems [11, 16, 4], etc. Prefetching has also been studied extensively in various domains, ranging from, uni processor and multi processor architectures [20, 5, 3, 22, 24] to file systems [19, 10, 23] to databases[6, 17] and beyond. Sequential one block lookahead was first proposed in [22] Few of these studies ....

Michael N. Nelson, Brent B. Welch, and John K. Ousterhout. Caching in the Sprite file system. ACM Transactions on Computer Systems, pages 6(1):134--154, February 1988.

....which states, e.g. that a principal s conclusion about the identity of a principal with whom it is communicating is never incorrect. Authentication protocols are short and look deceptively simple, but numerous awed or weak protocols have been published; some examples are described in [DS81, BAN90, WL94, AN95, AN96, Low96, Aba97, LR97, THG98c] This attests to the importance of rigorous veri cation. Allowing an unbounded number of concurrent protocol executions makes the number of reachable states unbounded, so automated veri cation using state space exploration is not directly ....

....for verifying secrecy requirements of cryptographic protocols [DY83] are ecient but limited. They do not handle agreement requirements, and they apply to a severely restricted class of protocols that excludes almost all well known authentication protocols (e.g. the Otway Rees [OR87] and Yahalom [BAN90] protocols) and is strictly included in the class of protocols handled by our reduction. Roscoe and Broadfoot use data independence techniques to bound the number of nonces that could be useful in attacks [Ros98, RB99] That result assumes that each trustworthy principal participates in at most a ....

[Article contains additional citation context not shown here]

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18-36, February 1990.

....entity during the evolution of the protocol (authenticity property) 23] Many other objectives have been defined and studied (for an introduction see [1] and properties have been expressed and proved in a variety of frameworks. Some of these frameworks are specialized, as the BAN logic [8, 9, 22] of Burrow, Abadi and Needham, while others are more generic [22, 15] in general they can be divided, as recently surveyed by Clarke and Wing in [10] in three different categories: model checking, theorem proving and software specification. In this work we are interested in the first type of ....

Michael Burrows, Mart'in Abadi, and Roger Needham. A logic of authentication. ACM Transaction on Computer System, 8(1):18--36, 1990.

.... Brutus model checking of a spi calculus dialect Extended Abstract S. Gnesi y D. Latella G. Lenzini y June 23, 2000 1 Introduction Recently there has been a wide interest in applying formal methods to specify and verify cryptographic protocols (see for example [2, 7, 4, 16, 19, 23, 22, 25, 10, 17]) These approaches range from the use of a process calculus to model cryptographic protocols and using equivalence relations to prove security properties on them, to the use of a general or special purpose model checkers. In this paper we propose a model checking approach for verifying security ....

Michael Burrows, Mart'in Abadi, and Roger Needham. A Logic of Authentication. ACM Transaction on Computer System, 8(1):18--36, 1990.

No context found.

Michael Burrows, Martin Abadi, and Roger M. Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, Feb 1990.

No context found.

Michael Burrows, Martn Abadi, and Roger M. Needham. A Logic of Authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990. 17

No context found.

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990.

No context found.

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990.

No context found.

Michael Burrows, Marn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, 1990.

No context found.

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions in Computer Systems, 8(1):18--36, February 1990.

No context found.

Michael Burrows, Martin Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8:18-36, February 1990.

No context found.

Michael Burrows, Martn Abadi, and Roger M. Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990.

No context found.

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18-36, February 1990.

No context found.

Michael Burrows and Martn Abadi. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990. 52.

No context found.

Michael Burrows, MartnAbadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18-36, February 1990.

No context found.

Michael Burrows, Martn Abadi, and Roger Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1):18--36, February 1990. 3

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC