On the Properties of Epistemic and Temporal Epistemic Logics of Authentication

The authentication properties of a security protocol are specified based on the knowledge gained by the principals that exchange messages with respect to the steps of that protocol. As there are many successful attacks on authentication protocols, different formal systems, in particular epistemic and temporal epistemic logics, have been developed for analyzing such protocols. However, such logics may fail to detect some attacks. To promote the specification and verification power of these logics, researchers may try to construct them in such a way that they preserve some properties such as soundness, completeness, being omniscience-free, or expressiveness. The aim of this paper is to provide an overview of the epistemic and temporal epistemic logics which are applied in the analysis of authentication protocols to find out how far these logical properties may affect analyzing such protocols.

[1]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[2]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[3]  Alessio Lomuscio,et al.  Automatic verification of temporal-epistemic properties of cryptographic protocols , 2009, J. Appl. Non Class. Logics.

[4]  Paul F. Syverson Adding time to a logic of authentication , 1993, CCS '93.

[5]  Mehran S. Fallah,et al.  An Omniscience-Free Temporal Logic of Knowledge for Verifying Authentication Protocols , 2018, Bulletin of the Iranian Mathematical Society.

[6]  Ramaswamy Ramanujam,et al.  Deciding knowledge properties of security protocols , 2005, TARK.

[7]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[8]  Mehmet A. Orgun,et al.  A Fibred Belief Logic for Multi-agent Systems , 2005, Australian Conference on Artificial Intelligence.

[9]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[10]  Ronald Fagin,et al.  Reasoning about knowledge and probability , 1988, JACM.

[11]  Joseph Y. Halpern,et al.  Dealing with logical omniscience: Expressiveness and pragmatics , 2007, Artif. Intell..

[12]  Rasool Ramezanian Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions , 2009, ISC Int. J. Inf. Secur..

[13]  Paul C. van Oorschot,et al.  Extending cryptographic logics of belief to key agreement protocols , 1993, CCS '93.

[14]  Max J. Cresswell,et al.  A New Introduction to Modal Logic , 1998 .

[15]  Clare Dixon,et al.  Temporal Logics of Knowledge and their Applications in Security , 2007, ICS@SYNASC.

[16]  Alessio Lomuscio,et al.  MCMAS: A Model Checker for the Verification of Multi-Agent Systems , 2009, CAV.

[17]  Joseph Y. Halpern,et al.  Modeling Adversaries in a Logic for Security Protocol Analysis , 2006, FASec.

[18]  Jonathan K. Millen,et al.  CAPSL: Common Authentication Protocol Specification Language , 1996, NSPW '96.

[19]  Mika Cohen,et al.  Logics of Knowledge and Cryptography : Completeness and Expressiveness , 2007 .

[20]  Gavin Lowe,et al.  How to prevent type flaw attacks on security protocols , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[21]  Ji Ma,et al.  Analysing Stream Authentication Protocols in Autonomous Agent-Based Systems , 2006, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing.

[22]  Mehmet A. Orgun,et al.  Modal tableaux for verifying stream authentication protocols , 2007, Autonomous Agents and Multi-Agent Systems.

[23]  Yanjing Wang,et al.  To know or not to know: epistemic approaches to security protocol verification , 2010, Synthese.

[24]  Reiner Dojen,et al.  Establishing and Fixing Security Protocols Weaknesses Using a Logic-based Verification Tool , 2013, J. Commun..

[25]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[26]  Lijun Wu,et al.  Model Checking Needham-Schroeder Security Protocol Based on Temporal Logic of Knowledge , 2009, 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing.

[27]  Mehmet A. Orgun,et al.  A Temporalised Belief Logic for Specifying the Dynamics of Trust for Multi-agent Systems , 2004, ASIAN.

[28]  Gavin Lowe A Family of Attacks upon Authentication Protocols , 1997 .

[29]  A. N.A.DurginP.D.LincolnJ.C.Mitchell,et al.  Undecidability of bounded security protocols , 1999 .

[30]  Clare Dixon,et al.  Using temporal logics of knowledge in the formal verification of security protocols , 2004, Proceedings. 11th International Symposium on Temporal Representation and Reasoning, 2004. TIME 2004..

[31]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[32]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[33]  Li Hui,et al.  Analysis the Properties of TLS Based on Temporal Logic of Knowledge , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[34]  Mehmet A. Orgun,et al.  Dealing with Multiple Granularity of Time in Temporal Logic Programming , 1996, J. Symb. Comput..

[35]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[36]  Andrew D. Gordon,et al.  Authenticity by typing for security protocols , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[37]  Florian Kammüller,et al.  Modeling and Verification of Insider Threats Using Logical Analysis , 2017, IEEE Systems Journal.

[38]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[39]  Mads Dam,et al.  A Completeness Result for BAN Logic , 2007 .

[40]  Joseph Y. Halpern,et al.  Knowledge, probability, and adversaries , 1993, JACM.

[41]  Alessio Lomuscio,et al.  Model checking detectability of attacks in multiagent systems , 2010, AAMAS.

[42]  Ji Ma,et al.  An analytic tableau calculus for a temporalised belief logic , 2011, J. Appl. Log..

[43]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[44]  Alessio Lomuscio,et al.  Verifying Security Properties in Unbounded Multiagent Systems , 2016, AAMAS.

[45]  Ronald Fagin,et al.  Reasoning about knowledge , 1995 .

[46]  Simon Kramer,et al.  Logical concepts in cryptography , 2007, SIGA.

[47]  Wojciech Penczek,et al.  Simulation of Security Protocols based on Scenarios of Attacks , 2009, Fundam. Informaticae.

[48]  Anca D. Jurcut,et al.  Design guidelines for security protocols to prevent replay & parallel session attacks , 2014, Comput. Secur..

[49]  Chen C. Chang,et al.  Model Theory: Third Edition (Dover Books On Mathematics) By C.C. Chang;H. Jerome Keisler;Mathematics , 1966 .

[50]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[51]  Colin Boyd,et al.  Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[52]  Mads Dam,et al.  Logical Omniscience in the Semantics of BAN Logic , 2003 .

[53]  Alessio Lomuscio,et al.  Automatic verification of epistemic specifications under convergent equational theories , 2012, AAMAS.

[54]  Alessio Lomuscio,et al.  A complete and decidable security-specialised logic and its application to the TESLA protocol , 2006, AAMAS '06.

[55]  Alessio Lomuscio,et al.  Interactions between Time and Knowledge in a First-order Logic for Multi-Agent Systems , 2010, KR.

[56]  Klaus-Dieter Schewe,et al.  A Temporalised Belief Logic for Reasoning about Authentication Protocols , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[57]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[58]  Mads Dam,et al.  A Complete Axiomatization of Knowledge and Cryptography , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[59]  Gavin Lowe Analysing Protocol Subject to Guessing Attacks , 2004, J. Comput. Secur..

[60]  Ji Ma,et al.  Analysis of Authentication Protocols in Agent-Based Systems Using Labeled Tableaux , 2009, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).