A Model for Secure Protocols and Their Compositions

The paper develops a foundation for reasoning about protocol security. We adopt a model-based approach for defining protocol security properties. This allows us to describe security properties in greater detail and precision than previous frameworks. Our model allows us to reason about the security of protocols, and considers issues of beliefs of agents, time, and secrecy. We prove a composition theorem which allows us to state sufficient conditions on two secure protocols A and B such that they may be combined to form a new secure protocol C. Moreover, we give counter-examples to show that when the conditions are not met, the protocol C may not be secure.

[1]  D. Gabbay,et al.  Handbook of Philosophical Logic, Volume II. Extensions of Classical Logic , 1986 .

[2]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[3]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[4]  Catherine A. Meadows,et al.  A logical language for specifying cryptographic protocol requirements , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Oded Goldreich,et al.  On the security of multi-party ping-pong protocols , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[6]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[7]  Paul F. Syverson Adding time to a logic of authentication , 1993, CCS '93.

[8]  Paul F. Syverson The use of logic in the analysis of cryptographic protocols , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Pierre Bieber,et al.  A logic of communication in hostile environment , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[10]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[11]  Martín Abadi,et al.  The Power of Temporal Proofs , 1989, Theor. Comput. Sci..

[12]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[13]  Manuel Blum,et al.  An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information , 1985, CRYPTO.

[14]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[15]  Johan van Benthem,et al.  Time, logic and computation , 1988, REX Workshop.

[16]  Catherine A. Meadows,et al.  Applying Formal Methods to the Analysis of a Key Management Protocol , 1992, J. Comput. Secur..

[17]  OtwayDave,et al.  Efficient and timely mutual authentication , 1987 .

[18]  Shafi Goldmer An Eflcient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information , 1985 .

[19]  Edmund M. Clarke,et al.  Symbolic Model Checking: 10^20 States and Beyond , 1990, Inf. Comput..

[20]  John P. Burgess,et al.  Basic Tense Logic , 1984 .

[21]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[22]  Grzegorz Rozenberg,et al.  Linear Time, Branching Time and Partial Order in Logics and Models for Concurrency , 1988, Lecture Notes in Computer Science.

[23]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[24]  Moti Yung,et al.  Systematic Design of a Family of Attack-Resistant Authentication Protocols , 1993, IEEE J. Sel. Areas Commun..

[25]  LamportLeslie Time, clocks, and the ordering of events in a distributed system , 1978 .

[26]  R. BurchJ.,et al.  Symbolic model checking , 1992 .

[27]  Joseph Y. Halpern,et al.  Model Checking vs. Theorem Proving: A Manifesto , 1991, KR.

[28]  Christos H. Papadimitriou,et al.  Elements of the Theory of Computation , 1997, SIGA.

[29]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[30]  Nevin Heintze,et al.  Timed Models for Protocol Security , 1992 .

[31]  Joxan Jaffar,et al.  A decision procedure for a class of set constraints , 1990, [1990] Proceedings. Fifth Annual IEEE Symposium on Logic in Computer Science.