Revisiting the Foundations of Authentication Logics

In this paper, we make the point that the problems with logics in the BAN tradition are not with the idea of basing reasoning about security protocols on epistemic notions, but with some of the specific decisions taken in the formulation of these logics. To illustrate this statement, we describe a formal logic for security protocol analysis based on well-understood modal operators, knowledge, time, and probability. We show how the logic can capture the intuitive high-level concepts of BAN and later logics. In particular, we formalize a translation of the BAN operators into our logic to model reasoning about security protocols in the presence of a Dolev-Yao adversary. We validate our translation by analyzing the Needham-Schroeder authentication protocol using our formalism. This analysis highlights some strong assumptions on nonces made by the Dolev-Yao model of the adversary. We address these concerns by formulating a different translation of the BAN operators using probability, and show how to analyze protocols in the presence of Dolev-Yao adversaries that are allowed guesses.
