A semantics for a logic of authentication (extended abstract)

Burrows, Abadi, and Needham have proposed a logic for the analysis of authentication protocols. It is a logic of belief, with special constructs for expressing some of the central concepts used in au-thentication. The logic has revealed many subt Ieties and serious errors in published protocols. Unfortunately , it has also created some confusion. In this paper, we provide a new semantics for the logic, our attempt to clarify its meaning. In the search for a sound semantics, we have identified many sources of the past confusion. Identifying these sources has helped us improve the logic's syntax and inference rules, and extend its applicability. One of the greatest differences between our semantics and the original semantics is our treatment of belief as a form of resource-bounded, defensible knowledge. 1 Introduction Authentication is the act of determining the identity of a principal (such as a person, computer, or server) in a computer system. Authentication usually plays an important role in secure systems, since a principal controlling a resource must have some way of identifying principals requesting access to the resource. Authentication typically depends on secrets, such as passwords or encryption keys, that one principal can reveal or somehow use to prove its identity to others. Before these secrets can be used, however, they must be distributed to the principals in some way. An authentication protocol is a description of how these secrets are distributed to principals, and how these secrets are used to determine principals' identities. Permission to copy whhout fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM cowrkht notice and th@title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee andlor specific permission. A simple authentication protocol is given as an example in Figure 1. (This is actually a very incomplete description of the Kerberos key distribution protocol [M NSS87, KNS90].) The three principals involved are a server S trusted to generate good encryption keys, and two principals A and B. The goal of this protocol is for A and B to acquire a key that they can use in their communication. Principal A begins by aending a request for a key to the server S. The server responds with a message …

[1]  Chris Mitchell,et al.  Security defects in CCITT recommendation X.509: the directory authentication framework , 1990, CCRV.

[2]  K. Mani Chandy,et al.  How processes learn , 1985, PODC '85.

[3]  Martín Abadi,et al.  Rejoinder to Nessett , 1990, OPSR.

[4]  Li Gong,et al.  Logics for cryptographic protocols-virtues and limitations , 1991, Proceedings Computer Security Foundations Workshop IV.

[5]  Martín Abadi,et al.  Authentication and Delegation with Smart-cards , 1991, TACS.

[6]  Dan M. Nessett,et al.  A critique of the Burrows, Abadi and Needham logic , 1990, OPSR.

[7]  Ronald Fagin,et al.  Belief, Awareness, and Limited Reasoning. , 1987, Artif. Intell..

[8]  Virgil D. Gligor,et al.  On the formal specification and verification of a multiparty session protocol , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Joseph Y. Halpern,et al.  Knowledge and common knowledge in a distributed environment , 1984, JACM.

[10]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[11]  Jerome H. Saltzer,et al.  Kerberos authentication and authorization system , 1987 .

[12]  Einar Snekkenes Exploring the BAN approach to protocol analysis , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  Ronald Fagin,et al.  I'm OK if You're OK: On the Notion of Trusting Communication , 1987, LICS.

[14]  Paul F. Syverson The use of logic in the analysis of cryptographic protocols , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[15]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[16]  Virgil D. Gligor,et al.  On belief evolution in authentication protocols , 1991, Proceedings Computer Security Foundations Workshop IV.

[17]  Einar Snekkenes,et al.  On The Formal Analysis of PKCS Authentication Protocols , 1990, AUSCRYPT.

[18]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.