论文信息 - A Limitation of BAN Logic Analysis on a Man-in-the-middle Attack

A Limitation of BAN Logic Analysis on a Man-in-the-middle Attack

In recent years a lot of attention has been paid to the use of special logics to analyse cryptographic protocols, foremost among these being the BAN logic. These logics have been successful in finding weaknesses in various cryptographic protocols. With BAN logic analysis on a Station-to-Station (STS) protocol, the paper presents a limitation of BAN logic analysis on a Man-in-the-middle attack, which shows that it is easy for the BAN logic to approve protocols that are in practice unsound and the some enhancements of the BAN logic should be made or in some cases, the informal method will be required in some security protocol analysis like STS. An improved STS protocol against a man-in-the-middle attack is given in the paper.

Xiang Li | Shiping Yang

[1] Mark R. Tuttle,et al. A Semantics for a Logic of Authentication , 1991, PODC 1991.

[2] Einar Snekkenes,et al. Applying a formal analysis technique to the CCITT X.509 strong two-way authentication protocol , 2004, Journal of Cryptology.

[3] Martín Abadi,et al. Explicit Communication Revisited: Two New Attacks on Authentication Protocols , 1997, IEEE Trans. Software Eng..

[4] Li Gong,et al. Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[5] Colin Boyd,et al. On a Limitation of BAN Logic , 1994, EUROCRYPT.

[6] Paul C. van Oorschot,et al. An Alternate Explanation of two BAN-logic "failures" , 1994, EUROCRYPT.

[7] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[8] Jan Wessels. APPLICATIONS OF BAN-LOGIC , 2001 .

[9] Martín Abadi,et al. A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.