Security protocol design via authentication tests

We describe a protocol design process, and illustrate its use by creating ATSPECT, an authentication test-based secure protocol for electronic commerce transactions. The design process is organized around the authentication tests, a method for protocol verification based on the strand space theory. The authentication tests dictate how randomly generated values such as nonces may be combined with encryption to achieve authentication and freshness. ATSPECT offers functionality and security guarantees akin to the purchase request, payment authorization, and payment capture phases of SET, the secure electronic transaction standard created by the major credit card firms.
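The sentence above about combining nonces with encryption to obtain authentication and freshness is the core of the authentication tests. The following is an added example, not code from the paper or from ATSPECT: a small symbolic (Dolev-Yao style) model of one such test, the outgoing test, in which an initiator A emits a fresh nonce only inside a message encrypted under B's public key and accepts the run only if the nonce comes back transformed inside a message encrypted for A. The term representation, the key-naming convention (`pk_X`/`sk_X`), the message shapes and the participant names are all assumptions of this illustration. The example shows three things: an honest run succeeds, an attacker who sees the wire and lacks `sk_B` cannot derive the nonce (so the only way the nonce can reappear in a new form is through B), and a replayed reply from an earlier run is rejected because the nonce no longer matches.

```python
"""Symbolic model of an outgoing authentication test (constructed illustration).

Terms: atoms are strings; ('pair', a, b) is concatenation; ('enc', k, m) is
encryption of m under key k.  Key naming is an assumption of this example:
'pk_X' and 'sk_X' are X's public and private keys.
"""
import secrets


def inverse(key):
    """Key needed to undo encryption under `key` (assumed naming convention)."""
    if key.startswith("pk_"):
        return "sk_" + key[3:]
    if key.startswith("sk_"):
        return "pk_" + key[3:]
    return key  # symmetric keys are their own inverse


def pair(a, b):
    return ("pair", a, b)


def enc(key, payload):
    return ("enc", key, payload)


def analyze(knowledge):
    """Close a term set under decomposition: split pairs, decrypt when the inverse key is known."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            if t[0] == "pair":
                new = [p for p in t[1:] if p not in known]
            elif t[0] == "enc" and inverse(t[1]) in known and t[2] not in known:
                new = [t[2]]
            else:
                new = []
            for n in new:
                known.add(n)
                changed = True
    return known


def can_derive(knowledge, target):
    """Can an attacker holding `knowledge` build `target` by decomposition plus pairing/encryption?"""
    known = analyze(knowledge)
    if target in known:
        return True
    if isinstance(target, tuple):  # build a pair or an encryption from derivable parts
        return all(can_derive(known, part) for part in target[1:])
    return False


class Initiator:
    """A: sends fresh N_a only inside {A, N_a}_pk_B and accepts only {N_a, N_b, B}_pk_A."""

    def __init__(self, name, peer):
        self.name, self.peer, self.nonce = name, peer, None

    def start(self):
        self.nonce = "N_" + secrets.token_hex(8)  # fresh, unguessable value (constructed)
        return enc("pk_" + self.peer, pair(self.name, self.nonce))

    def finish(self, reply):
        """Outgoing test: N_a returns in a form A never emitted, so the holder of sk_B transformed it."""
        if not (isinstance(reply, tuple) and reply[0] == "enc" and reply[1] == "pk_" + self.name):
            return False
        body = reply[2]
        return (isinstance(body, tuple) and body[0] == "pair" and body[1] == self.nonce
                and isinstance(body[2], tuple) and body[2][0] == "pair"
                and body[2][2] == self.peer)


class Responder:
    """B: only the holder of sk_B can open {A, N_a}_pk_B and answer with {N_a, N_b, B}_pk_A."""

    def __init__(self, name):
        self.name = name

    def respond(self, msg):
        if not (isinstance(msg, tuple) and msg[0] == "enc" and inverse(msg[1]) == "sk_" + self.name):
            return None
        _, sender, na = msg[2]
        nb = "N_" + secrets.token_hex(8)
        return enc("pk_" + sender, pair(na, pair(nb, self.name)))


def honest_run():
    a, b = Initiator("A", "B"), Responder("B")
    return a.finish(b.respond(a.start()))


def attacker_can_forge_reply():
    """E sees message 1 on the wire and knows every public key and sk_E, but not sk_B."""
    a = Initiator("A", "B")
    m1 = a.start()
    eve = {m1, "pk_A", "pk_B", "pk_E", "sk_E", "A", "B", "E"}
    return can_derive(eve, a.nonce)  # N_a never leaves {A, N_a}_pk_B for E


def replay_is_rejected():
    """A reply captured from an earlier run does not carry the current run's nonce."""
    a, b = Initiator("A", "B"), Responder("B")
    old_reply = b.respond(a.start())
    a.start()  # second run, new nonce
    return not a.finish(old_reply)


if __name__ == "__main__":
    print("honest run accepted:", honest_run())
    print("attacker can forge reply:", attacker_can_forge_reply())
    print("replayed reply rejected:", replay_is_rejected())
```

The authentication argument is the one the outgoing test makes: `can_derive` shows the nonce is unavailable to anyone without `sk_B`, so a reply containing it in the new form must have passed through a regular run of B's role, and the fresh nonce ties that reply to this run rather than an earlier one. A real implementation replaces the symbolic `enc` with an actual public-key scheme and random nonces of adequate length; the structural checks in `finish` stay the same.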
