Nonmonotonic cryptographic protocols

The paper presents a new method for specifying and analyzing cryptographic protocols. The method offers several advantages over previous approaches. The technique is the first to allow reasoning about nonmonotonic protocols, which are needed for systems that rely on the deletion of information. There is no idealization of protocols; we specify at a level that is close to the actual implementation. We show how the method uncovers the known flaw in the Needham and Schroeder protocol (R.M. Needham and M.D. Schroeder, 1978). We then apply the method to the khat protocol (A.D. Rubin, P. Honeyman, 1993). The analysis reveals a serious, previously undiscovered flaw in the nonmonotonic protocol for long-running jobs.

[1] Colin Boyd, et al. Towards formal analysis of security protocols, 1993, Proceedings Computer Security Foundations Workshop VI.

[2] Catherine A. Meadows, et al. A logical language for specifying cryptographic protocol requirements, 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[3] Peter Honeyman, et al. Long Running Jobs in an Authenticated Environment, 1993, USENIX Security Symposium.

[4] Martín Abadi, et al. A semantics for a logic of authentication (extended abstract), 1991, PODC '91.

[5] Einar Snekkenes. Exploring the BAN approach to protocol analysis, 1991, Proceedings 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[6] Dan M. Nessett, et al. A critique of the Burrows, Abadi and Needham logic, 1990, OPSR.

[7] Louise E. Moser, et al. A logic of knowledge and belief for reasoning about computer security, 1989, Proceedings of the Computer Security Foundations Workshop II.

[8] Marie-Jeanne Toussaint, et al. A New Method for Analyzing the Security of Cryptographic Protocols, 1993, IEEE J. Sel. Areas Commun.

[9] Roger M. Needham, et al. Authentication revisited, 1987, OPSR.

[10] Roger M. Needham, et al. Using encryption for authentication in large networks of computers, 1978, CACM.

[11] Mark R. Tuttle, et al. A Semantics for a Logic of Authentication, 1991, PODC 1991.

[12] Stephen T. Kent, et al. Security Mechanisms in High-Level Network Protocols, 1983, CSUR.

[13] Simon S. Lam, et al. A semantic model for authentication protocols, 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[14] Reihaneh Safavi-Naini, et al. Partial belief and probabilistic reasoning in the analysis of secure protocols, 1992, Proceedings The Computer Security Foundations Workshop V.

[15] Martín Abadi, et al. A logic of authentication, 1990, TOCS.

[16] Vijay Varadharajan, et al. An analysis of some delegation protocols for distributed systems, 1992, Proceedings The Computer Security Foundations Workshop V.

[17] Giovanni Maria Sacco, et al. Timestamps in key distribution protocols, 1981, CACM.

[18] Li Gong, et al. Reasoning about belief in cryptographic protocols, 1990, Proceedings 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[19] Virgil D. Gligor, et al. On belief evolution in authentication protocols, 1991, Proceedings Computer Security Foundations Workshop IV.