Formal requirements for key distribution protocols

Syverson, Paul; Meadows, Catherine

doi:10.1007/bfb0053447

Cited by 19 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Syverson and Meadows [14] presented the formal requirements for authentication in key distribution protocols. They tried to provide a single set of requirements to specify a whole class of protocols, which can be fine-tuned for the particular application.…”

Section: Related Workmentioning

confidence: 99%

Rank Theorems for Forward Secrecy in Group Key Management Protocols

Gawanmeh

Tahar

2007

21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)

View full text Add to dashboard Cite

Design and verification of cryptographic protocols has been under investigation for quite sometime. However, not much attention has been paid for the class of protocols that deals with group key management and distribution, mainly because of their dynamic characteristics. In addition, these protocols have special security properties, such as forward secrecy, that cannot be verified using methodologies designed for normal two-parties protocols. In this paper, we provide a set of generic formal specification requirements for group key management and distribution protocols. This can help guiding the proper specification of the behavior of such protocols, which is necessary for a successful design and verification process. We define a formal model for the protocol and establish rank theorem for forward properties based on the above requirements. Rank theorems imply the validity of the security property to be proved, and are deducted from a set of rank functions we define over the protocol. The above formalizations and rank theorems were implemented using the PVS theorem prover. We illustrate our approach on the verification of forward secrecy for the Enclaves protocol designed at SRI.

show abstract

Section: Related Workmentioning

confidence: 99%

Rank Theorems for Forward Secrecy in Group Key Management Protocols

Gawanmeh

Tahar

2007

21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)

View full text Add to dashboard Cite

show abstract

“…These include key distribution and key agreement protocols [30,31], complex electronic commerce protocols such as SET [22], and, most recently, group key distribution protocols [23].…”

Section: Safety Requirements For Cryptographic Protocolsmentioning

confidence: 99%

What Makes a Cryptographic Protocol Secure? The Evolution of Requirements Specification in Formal Cryptographic Protocol Analysis

Meadows

2003

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Much attention has been paid to the design of languages for the specification of cryptographic protocols. However, the ability to specify their desired behavior correctly is also important; indeed many perceived protocol flaws arise out of a misunderstanding of the protocol's requirements. In this talk we give a brief survey of the history of requirements specification in formal analysis of cryptographic protocols. We outline the main approaches and describe some of the open issues.

show abstract

“…Among these, generic requirements have been given for two-party key distribution protocols [14,15] and two-party key agreement protocols [16]. The most ambitious specification undertaken using NPATRL has involved the requirements of the credit card payment transaction protocol SET (Secure Electronic Transactions) [9].…”

Section: The Npatrl Syntaxmentioning

confidence: 99%

Formalizing GDOI group key management requirements in NPATRL

Meadows¹,

Syverson²

2001

Proceedings of the 8th ACM Conference on Computer and Communications Security - CCS '01

Self Cite

View full text Add to dashboard Cite

Although there is a substantial amount of work on formal requirements for two and three-party key distribution protocols, very little has been done on requirements for group protocols. However, since the latter have security requirements that can differ in important but subtle ways, we believe that a rigorous expression of these requirements can be useful in determining whether a given protocol can satisfy an application's needs. In this paper we make a first step in providing a formal understanding of security requirements for group key distribution by using the NPATRL language, a temporal requirement specification language for use with the NRL Protocol Analyzer. We specify the requirements for GDOI, a protocol being proposed as an IETF standard, which we are formally specifying and verifying in cooperation with the MSec working group.

show abstract

Formal requirements for key distribution protocols

Cited by 19 publications

References 13 publications

Rank Theorems for Forward Secrecy in Group Key Management Protocols

Rank Theorems for Forward Secrecy in Group Key Management Protocols

What Makes a Cryptographic Protocol Secure? The Evolution of Requirements Specification in Formal Cryptographic Protocol Analysis

Formalizing GDOI group key management requirements in NPATRL

Contact Info

Product

Resources

About