Proceedings of the Twelfth ACM Symposium on Operating Systems Principles 1989
DOI: 10.1145/74850.74852

A logic of authentication

Abstract: Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of con…

Cited by 770 publications (600 citation statements)
References 20 publications
“…To verify the correctness of protocols and implementations of cryptographic algorithms, systems engineers and researchers may apply formal methods. An example is BAN (Burrows-Abadi-Needham) logic, [350] which provides a formal method for reasoning about the logic of belief of principals in cryptographic protocols. Formal methods can also be used to find bugs in security protocol designs.…”
Section: Appendix C Types Of Software Under Threat (mentioning)
confidence: 99%
“…Figure 3 illustrates a naive version of a secure 3PKDP. 4 It is constructed by simply putting together two runs of 2PKDP. 5 One notable aspect is that the key being distributed in messages 2 and 4 is one and the same – K_ab.…”
Section: Desired Properties (mentioning)
confidence: 99%
“…The only additional information available to the attacker from 3PKDP (as opposed to two unrelated runs of 2PKDP) is the fact that the same key is being distributed to A and B. However, not knowing either the key or the masking expression, the attacker can only try to play XOR-ing "games" and factor out K_ab by 3 We note that the problem of malicious insiders does not exist in two-party key distribution. 4 A more sophisticated protocol would optimize the number of protocol flows and minimize the size of each flow. At this point, however, we are not yet concerned with optimization. 5 This version of the protocol only intends to show the properties of the key distribution, and doesn't deal with synchronizing A and B (how does B know that A wants to communicate?).…”
Section: Desired Properties (mentioning)
confidence: 99%
“…The protocol is flawed because signatures obviously can not provide message confidentiality. The absurd gap between the protocol definition and its intended goal is explained by the fact that the protocol was never intended to be used in a real environment, but to highlight a particular limitation of the BAN [7] protocol analysis logic.…”
Section: Elementary Flaws (mentioning)
confidence: 99%
“…This is unfortunate because it allows an adversary to trivially impersonate the originator of the message by substituting the original signature for his own. (According to the definitions in section 5, the second flaw in the X.509 protocol described in [7] would be labelled a single-role oracle flaw.)…”
Section: Elementary Flaws (mentioning)
confidence: 99%