The Logic of Authentication Protocols

The rationale of authentication has been a topic of study for about a decade and a half. First attempts at formal analysis of authentication protocols were not using logics per se, but were certainly logical. Millen’s Interrogator [Mil84, MCF87] was a Prolog based tool specifically designed for authentication protocol analysis that functioned essentially as a special purpose model checker. Kemmerer used the general purpose formal specification language Ina Jo and an accompanying symbolic execution tool Inatest to specify and analyze protocols [Kem87].

[1]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[2]  Stephen H. Brackin,et al.  A HOL extension of GNY for automatically analyzing cryptographic protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[3]  Naganand Doraswamy,et al.  Ipsec: the new security standard for the internet , 1999 .

[4]  S. H. Brackin,et al.  Automatically detecting most vulnerabilities in cryptographic protocols , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[5]  Catherine A. Meadows,et al.  A Formal Specification of Requirements for Payment Transactions in the SET Protocol , 1998, Financial Cryptography.

[6]  Lawrence C. Paulson,et al.  Mechanized proofs for a recursive authentication protocol , 1997, Proceedings 10th Computer Security Foundations Workshop.

[7]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[8]  Ulf Carlsen Using Logics to Detect Implementation-Dependent Flaws , 1993 .

[9]  Jonathan K. Millen,et al.  Protocol-independent secrecy , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[10]  Joshua D. Guttman,et al.  Security Goals: Packet Trajectories and Strand Spaces , 2000, FOSAD.

[11]  John A. Clark,et al.  Searching for a solution: engineering tradeoffs and the evolution of provably secure protocols , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[12]  Paula Severi Type Inference for Pure Type Systems , 1998, Inf. Comput..

[13]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[14]  Stephen H. Brackin Evaluating and improving protocol analysis by automatic proof , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[15]  Dieter Gollmann,et al.  Towards Verification of Non-repudiation Protocols , 1998 .

[16]  Volker Kessler,et al.  Formal Semantics for Authentication Logics , 1996, ESORICS.

[17]  Paul F. Syverson,et al.  Limitations on design principles for public key protocols , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[18]  Ulf Carlsen Using logics to detect implementation-dependent flaws [cryptographic protocol design] , 1993, Proceedings of 9th Annual Computer Security Applications Conference.

[19]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[20]  Joshua D. Guttman,et al.  Mixed strand spaces , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[21]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[22]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[23]  Martín Abadi,et al.  Authentication and Delegation with Smart-cards , 1991, TACS.

[24]  Dan M. Nessett,et al.  A critique of the Burrows, Abadi and Needham logic , 1990, OPSR.

[25]  P. Syverson,et al.  A Unified Cryptographic Protocol Logic , 1996 .

[26]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[27]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[28]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[29]  Catherine A. Meadows A model of computation for the NRL Protocol Analyzer , 1994, Proceedings The Computer Security Foundations Workshop VII.

[30]  Richard A. Kemmerer Using Formal Verification Techniques to Analyze Encryption Protocols , 1987, 1987 IEEE Symposium on Security and Privacy.

[31]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[32]  Einar Snekkenes Exploring the BAN approach to protocol analysis , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[33]  Paul F. Syverson The use of logic in the analysis of cryptographic protocols , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[34]  Steve A. Schneider,et al.  CSP, PVS and a Recursive Authentication Protocol , 1997 .

[35]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[36]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[37]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[38]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[39]  C. Meadows Extending Formal Cryptographic Protocol Analysis Techniques for Group Protocols and Low-Level Cryptographic Primitives , 2000 .

[40]  Paul K. Moser Empirical Knowledge: Readings in Contemporary Epistemology , 1986 .

[41]  Brian F. Chellas Modal Logic: Normal systems of modal logic , 1980 .

[42]  J. Doug Tygar,et al.  A Model for Secure Protocols and Their Compositions , 1996, IEEE Trans. Software Eng..

[43]  J. Doug Tygar,et al.  A model for secure protocols and their compositions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[44]  Martín Abadi,et al.  The Scope of a Logic of Authentication , 1989, Distributed Computing And Cryptography.

[45]  Rebecca N. Wright,et al.  An authentication logic supporting synchronization, revocation, and recency , 1996, CCS '96.

[46]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[47]  Raphael Yahalom Optimality of Asynchronous Two-Party Secure Data-Exchange Protocols , 1993, J. Comput. Secur..

[48]  Joshua D. Guttman,et al.  Honest ideals on strand spaces , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[49]  Paul F. Syverson,et al.  Group Principals and the Formalization of Anonymity , 1999, World Congress on Formal Methods.

[50]  Elliott Mendelson,et al.  Introduction to Mathematical Logic , 1979 .

[51]  Jonathan K. Millen,et al.  The Interrogator A Tool for Cryptographic Protocol Security , 1984, 1984 IEEE Symposium on Security and Privacy.

[52]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[53]  Steve Kremer,et al.  A Game Approach to the Verification of Exchange Protocols: Application to Non-Repudiation Protocols , 2000 .

[54]  Elliott Mendelson,et al.  Introduction to mathematical logic (3. ed.) , 1987 .

[55]  Rajashekar Kailar Reasoning about accountability in protocols for electronic commerce , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[56]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[57]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[58]  Anthony H. Dekker C3PO: a tool for automatic sound cryptographic protocol analysis , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[59]  Paul C. van Oorschot,et al.  Extending cryptographic logics of belief to key agreement protocols , 1993, CCS '93.

[60]  Martín Abadi,et al.  Rejoinder to Nessett , 1990, OPSR.

[61]  Catherine A. Meadows Open Issues in Formal Methods for Cryptographic Protocol Analysis , 2001, MMM-ACNS.

[62]  Ran Canetti A unified framework for analyzing security of protocols , 2001, Electron. Colloquium Comput. Complex..

[63]  A. W. Roscoe Intensional specifications of security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[64]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[65]  Catherine A. Meadows,et al.  A Cost-Based Framework for Analysis of Denial of Service Networks , 2001, J. Comput. Secur..

[66]  Paul Syverson Towards a Strand Semantics for Authentication Logic , 1999 .

[67]  Martín Abadi,et al.  Authentication: A Practical Study in Belief and Action , 1988, TARK.

[68]  Fabio Massacci,et al.  Formal Verification of Cardholder Registration in SET , 2000, ESORICS.

[69]  Marie-Jeanne Toussaint Separating the Specification and Implementation Phases in Cryptology , 1992, ESORICS.

[70]  Paul F. Syverson On key distribution protocols for repeated authentication , 1993, OPSR.

[71]  Neil Evans,et al.  Analysing Time Dependent Security Properties in CSP Using PVS , 2000, ESORICS.

[72]  Mahadev Satyanarayanan,et al.  Integrating security in a large distributed system , 1989, TOCS.

[73]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[74]  Catherine A. Meadows,et al.  Formal Requirements for Key Distribution Protocols , 1994, EUROCRYPT.

[75]  Catherine A. Meadows,et al.  Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[76]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[77]  Ran Canetti,et al.  Environmental Requirements and Authentication Protocols , 2002 .

[78]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[79]  Pierre Bieber,et al.  A logic of communication in hostile environment , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[80]  Catherine A. Meadows,et al.  A formal framework and evaluation method for network denial of service , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[81]  Ross J. Anderson,et al.  Robustness Principles for Public Key Protocols , 1995, CRYPTO.

[82]  Rajashekar Kailar Accountability in Electronic Commerce Protocols , 1996, IEEE Trans. Software Eng..

[83]  G. Denker,et al.  CAPSL integrated protocol environment , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[84]  E. Snekkenes Roles in cryptographic protocols , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[85]  B. Clifford Neuman,et al.  A note on the use of timestamps as nonces , 1993, OPSR.

[86]  Paul F. Syverson Adding time to a logic of authentication , 1993, CCS '93.

[87]  Dieter Gollmann On the Verification of Cryptographic Protocols - A Tale of Two Committees , 2000, Electron. Notes Theor. Comput. Sci..

[88]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[89]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[90]  Dieter Gollmann What do we mean by entity authentication? , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[91]  Joshua D. Guttman,et al.  Strand spaces: why is a security protocol correct? , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[92]  Levente Buttyán,et al.  A simple logic for authentication protocol design , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[93]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[94]  Heike Neumann,et al.  A Sound Logic for Analysing Electronic Commerce Protocols , 1998, ESORICS.

[95]  Dawn Xiaodong Song,et al.  Looking for diamonds in the desert - extending automatic protocol generation to three-party authentication and key agreement protocols , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[96]  Catherine A. Meadows,et al.  A logical language for specifying cryptographic protocol requirements , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[97]  ProtocolsLi GongSRI InternationalComputer Fail-Stop Protocols : An Approach to Designing Secure , 1994 .

[98]  Paul Syverson,et al.  A formal language for cryptographic protocol requirements , 1996 .

[99]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[100]  Catherine A. Meadows,et al.  A Formal Language for Cryptographic Protocol Requirements , 1996, Des. Codes Cryptogr..

[101]  Ulf Carlsen Generating formal cryptographic protocol specifications , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[102]  Dawn Xiaodong Song Athena: a new efficient automatic checker for security protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[103]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[104]  Paul Syverson,et al.  A Taxonomy of Replay Attacks , 1994 .

[105]  Gene Tsudik,et al.  Authenticated group key agreement and friends , 1998, CCS '98.

[106]  Ronald Fagin,et al.  Reasoning about knowledge , 1995 .

[107]  Paul F. Syverson,et al.  Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols , 1992, J. Comput. Secur..