Adding time to a logic of authentication

In [BAN89] Burrows, Abadi, and Needham presented a logic (BAN) for analyzing cryptographic protocols in terms of belief. This logic is quite useful for uncovering flaws in protocols; however, it has also produced confusion and controversy. Much of the confusion was cleared up when Abadi and Tuttle provided a semantics for a version of that logic (AT) in [AT91]. In this paper we present a protocol showing that neither BAN nor AT is expressive enough to capture all of the kinds of flaws that appear to be within their scope. We then present a logic that adds temporal formalisms to AT and that is rich enough to reveal the flaws in the presented protocol; nonetheless, this logic is sound with respect to the same semantics that was given in [AT91]. Finally, we argue that any approach of this type is inadequate by itself to demonstrate the absence of such flaws: the formal logic must be supplemented with semantic analysis techniques.

[1] Mark R. Tuttle, et al. A Semantics for a Logic of Authentication. PODC 1991.

[2] Paul F. Syverson. The use of logic in the analysis of cryptographic protocols. Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.

[3] Ronald Fagin, et al. I'm OK if You're OK: On the Notion of Trusting Communication. LICS, 1987.

[4] Catherine A. Meadows, et al. Applying Formal Methods to the Analysis of a Key Management Protocol. J. Comput. Secur., 1992.

[5] E. Snekkenes. Roles in cryptographic protocols. Proceedings of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, 1992.

[6] Catherine A. Meadows, et al. A logical language for specifying cryptographic protocol requirements. Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, 1993.

[7] Martín Abadi, et al. A logic of authentication. TOCS, 1990.

[8] Edmund M. Clarke. Automatic verification of finite-state concurrent systems. Proceedings of the Ninth Annual IEEE Symposium on Logic in Computer Science, 1994.

[9] Paul F. Syverson. Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols. 1992.

[10] Catherine A. Meadows, et al. A system for the specification and analysis of key management protocols. Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.

[11] Paul F. Syverson, et al. Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols. J. Comput. Secur., 1992.

[12] Martín Abadi, et al. The Scope of a Logic of Authentication. Distributed Computing and Cryptography, 1989.

[13] Li Gong, et al. Reasoning about belief in cryptographic protocols. Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, 1990.

[14] Pierre Bieber, et al. A logic of communication in hostile environment. Proceedings of the Computer Security Foundations Workshop III, 1990.

[15] Paul C. van Oorschot, et al. Authentication and authenticated key exchanges. Des. Codes Cryptogr., 1992.

[16] Martín Abadi, et al. A semantics for a logic of authentication (extended abstract). PODC '91, 1991.

[17] Paul F. Syverson. On key distribution protocols for repeated authentication. OPSR, 1993.

[18] Moti Yung, et al. Systematic Design of Two-Party Authentication Protocols. CRYPTO, 1991.

[19] Joseph Y. Halpern, et al. Knowledge and common knowledge in a distributed environment. JACM, 1984.

[20] Ronald Fagin, et al. I'm OK if you're OK: On the notion of trusting communication. J. Philos. Log., 1988.