The Logic of Authentication Protocols

Syverson, Paul; Cervesato, Iliano

doi:10.1007/3-540-45608-2_2

Cited by 92 publications

(50 citation statements)

References 89 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As a prerequisite for that, is to re-cast our current development on existing operational models for cryptographic protocols like Strand Spaces [25,23], spi calculus [1], CCS and CSP based models [10,17]. Finally, relationships with approaches based on type systems [11,2,12,2,3], and logics [7,24] deserve to be made.…”

Section: Discussionmentioning

confidence: 99%

Principles for Entity Authentication

Bugliesi

Focardi

Maffei

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We study the roles of message components in authentication protocols. In particular, we investigate how a certain component contributes to the task of achieving entity authentication. To this aim, we isolate a minimal set of roles that enables us to extract general principles that should be followed to avoid attacks. We then formalize these principles in terms of rules for protocol parties and we prove that any protocol following these rules (i.e., designed according to the principles) will achieve entity authentication.

show abstract

Section: Discussionmentioning

confidence: 99%

Principles for Entity Authentication

Bugliesi

Focardi

Maffei

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Figure 3 shows the open-ended base of attack actions that in the current implementation of the MI intruder model are checked for their feasibility. The selected attack actions appear as primitive steps in attacks reported in the related bibliography and have been proposed in published taxonomies [17,18,19] that formalize the observations of intruder misbehaviors, where the intruder redirects messages among protocol participants. In [15], we provided formal definitions of the selected primitive attack actions, as well as bibliographic examples, where these attack actions violate security properties of existing protocols.…”

Section: The MI Intruder Model In Usementioning

confidence: 99%

An intruder model with message inspection for model checking security protocols

Basagiannis

Katsaros

Pombortsis

2010

Computers & Security

View full text Add to dashboard Cite

Model checking security protocols is based on an intruder model that represents the eavesdropping or interception of the exchanged messages, while at the same time performs attack actions against the ongoing protocol session(s). Any attempt to enumerate all messages that can be deduced by the intruder and the possible actions in all protocol steps results in an enormous branching of the model's state space. In current work, we introduce a new intruder model that can be exploited for state space reduction, optionally in combination with known techniques, such as partial order and symmetry reduction. The proposed intruder modeling approach called Message Inspection (MI) is based on enhancing the intruder's knowledge with metadata for the exchanged messages. In a preliminary simulation run, the intruder tags the analyzed messages with protocol-specific values for a set of predefined parameters. This metadata is used to identify possible attack actions, for which it is a priori known that they cannot cause a security violation. The MI algorithm selects attack actions that can be discarded, from an open-ended base of primitive attack actions. Thus, model checking focuses only on attack actions that may disclose a security violation. The most interesting consequence is a non negligible state-space pruning, but at the same time our approach also allows customizing the behavior of the intruder model, in order e.g. to make it appropriate for model checking problems that involve liveness. We provide experimental results obtained with the SPIN model checker, for the Needham Schroeder security protocol.

show abstract

“…Many of these approaches, starting from the well-known BAN logics line (Burrows et al, 1990) either focus on the resulting expressivity (Syverson et al, 2000) to model particular protocols, or integrate it within theorem provers. More recently the specific protocols have been analysed in an ad-hoc basis by means of temporalepistemic model checkers (Meyden et al, 2004a;Lomuscio et al, 2007;Kacprzak et al, 2008) with anonymity protocols such as Chaum's dining cryptographers (Chaum, 1988) receiving considerable attention (Kacprzak et al, 2006;Meyden et al, 2004b).…”

Section: Conclusion and Related Workmentioning

confidence: 99%

Automatic verification of temporal-epistemic properties of cryptographic protocols

Boureanu

Cohen

Lomuscio

2009

Journal of Applied Non-Classical Logics

View full text Add to dashboard Cite

ABSTRACT. We present a technique for automatically verifying cryptographic protocols specified in the mainstream specification language CAPSL. We define a translation from CAPSL models into interpreted systems, a popular semantics for temporal-epistemic logic, and rewrite CAPSL goals as temporal-epistemic specifications. We present a compiler that implements this translation. The compiler links to the symbolic model checker MCMAS. We evaluate the technique on protocols in the Clark-Jacobs library and in the SPORE repository against custom secrecy and authentication requirements.

show abstract

The Logic of Authentication Protocols

Cited by 92 publications

References 89 publications

Principles for Entity Authentication

Principles for Entity Authentication

An intruder model with message inspection for model checking security protocols

Automatic verification of temporal-epistemic properties of cryptographic protocols

Contact Info

Product

Resources

About