Results 1-10 of 35
A calculus for cryptographic protocols: The spi calculus
Information and Computation, 1999
Cited by 919 (55 self)
We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols; the spi calculus enables us to consider cryptographic issues in more detail. We represent protocols as processes in the spi calculus and state their security properties in terms of coarse-grained notions of protocol equivalence.
Prudent Engineering Practice for Cryptographic Protocols
Proc. IEEE Computer Society Symposium on Research in Security and Privacy, 1994
Cited by 405 (17 self)
We present principles for the design of cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have avoided a considerable number of published errors. Our principles are informal guidelines. They complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature.
Reasoning about Cryptographic Protocols in the Spi Calculus
In CONCUR'97: Concurrency Theory, 1997
Cited by 60 (3 self)
The spi calculus is an extension of the pi calculus with constructs for encryption and decryption. This paper develops the theory of the spi calculus, focusing on techniques for establishing testing equivalence, and applying these techniques to the proof of authenticity and secrecy properties of cryptographic protocols. 1 From Cryptography to Testing Equivalence The idea of controlling communication by capabilities underlies both the pi calculus and much of the current work on security in distributed systems (see e.g. [MPW92, Lie93, Sch96b]). In the pi calculus, channel names are capabilities; a process can use a channel only if it has invented or been given the name of the channel, but cannot guess this name. In work on security, on the other hand, the capabilities for communication are often keys, which are used for encrypting and decrypting messages that travel on otherwise unprotected channels. These observations motivate the definition of the spi calculus, an extension of the p...
An Approach to the Formal Verification of Cryptographic Protocols
In Third ACM Conference on Computer and Communications Security, 1996
Cited by 49 (2 self)
We present an approach to the verification of authentication protocols. The approach is based on the use of general purpose formal methods. It is complementary with modal logic based approaches as it allows for a description of protocol, hypotheses and authentication properties at a finer level of precision and with more freedom. It differs from formal methods based approaches and in particular from Meadows' approach in that it focuses more on proof conciseness and readability than on proof automatization. To achieve this we use a clear separation between the modeling of reliable agents and that of unreliable agents or more generally of intruders. We also show how to express authentication properties using basic and precise temporal notions. The approach is presented by means of an example based on a public-key version of the Needham-Schroeder protocol.
Formal Methods for the Analysis of Authentication Protocols
1993
Cited by 29 (0 self)
In this paper, we examine current approaches and the state of the art in the application of formal methods to the analysis of authentication protocols. We use Meadows' classification of analysis techniques into four types. The Type I approach models and verifies a protocol using specification languages and verification tools not specifically developed for the analysis of cryptographic protocols. In the Type II approach, a protocol designer develops expert systems to create and examine different scenarios, from which he may draw conclusions about the security of the protocols being studied. The Type III approach models the requirements of a protocol family using logics developed specifically for the analysis of knowledge and belief. Finally, the Type IV approach develops a formal model based on the algebraic term-rewriting properties of cryptographic systems. The majority of research and the most interesting results are in the Type III approach, including reasoning systems such as the B...
Security Protocols over open networks and distributed systems: Formal methods for their Analysis, Design, and Verification
Computer Communications, 1999
Cited by 25 (0 self)
Formal methods, theory, and supporting tools can aid the design, analysis, and verification of the security related and cryptographic protocols used over open networks and distributed systems. The most commonly followed techniques for the application of formal methods for the ex post analysis and verification of cryptographic protocols, as the analysis approach, are reviewed, followed by the examination of robustness principles and application limitations. Modern high-level specification languages and tools can be used for automatically analysing cryptographic protocols. Recent research work focuses on the ex ante use of formal methods in the design stage of new security protocols, as the synthesis approach. Finally, an outline is presented on current trends for the utilisation of formal methods for the analysis and verification of modern complicated protocols and protocol suites for the real commercial world. Keywords: Protocol Analysis Tools, Formal methods, Security protocols, Cry...
A Brief Survey of Current Work on Network Attached Peripherals
1996
Cited by 24 (3 self)
Work on network-attached peripherals (NAPs) can be divided into essentially three areas - device interfaces and protocols, multimedia use and mass storage use. This paper is an extended abstract reviewing some of the current work and provides references and WWW pointers to many of the projects. The impact of this technological advance on operating systems is discussed. The primary purpose of this paper is to broaden understanding of the advantages and pitfalls of NAPs and encourage further research in the design and use of network-attached peripherals and NAP-capable systems. This paper and an extended abstract are available on the web or from the author. Note: This is a preliminary version of in-progress, unreviewed and incomplete work. Data, conclusions and verbiage may all change. Not yet for public distribution.
Role-Based Security for Distributed Object Systems
1996
Cited by 22 (0 self)
This paper describes a security architecture designed to support role-based access control for distributed object systems in a large-scale, multi-organisational enterprise in which domains are used to group objects for specifying security policies. We use the concept of a role to define access control related to a position within an organisation although our role framework caters for the specification of both authorisation and obligation policies. Access control and authentication is implemented using security agents on a per host basis to achieve a high degree of transparency to the application level. Cascaded delegation of access rights is also supported. The domain based authentication service uses symmetric cryptography and is implemented by replicated servers which maintain minimal state.
Walking the Web of Trust
2000
Cited by 21 (0 self)
Most currently deployed Public Key Infrastructures (PKIs) are hierarchically oriented and rely on a centralized design. Hierarchical PKIs may be appropriate solutions for many usage scenarios, but there exists the viable alternative of the `Web of Trust'. In a web of trust, each user of the system can choose for himself whom he elects to trust, and whom not. After contrasting the properties of web-of-trust based PKIs to those of hierarchical PKIs, an introduction to webs of trust and to quantitative trust calculations is given. The paper concludes with the presentation of an efficient, subexponential algorithm that allows heuristic computations of trust paths in a web of trust. Keywords: Web of Trust, PKI, Heuristic Trust Calculation.
A Reference Model for Firewall Technology
Proceedings of the Thirteenth Annual Computer Security Applications Conference, 1997