Intensional specifications of security protocols

It is often difficult to specify exactly what a security protocol is intended to achieve, and there are many examples of attacks on protocols which have been proved to satisfy the 'wrong', or too unrealistic, a specification. Contrary to the usual approach of attempting to capture what it is that a protocol achieves in abstract terms, we propose a readily automatable style of specification which simply asserts that a node can only complete its part in a protocol run if the pattern of messages anticipated by the designer has occurred. While this intensional style of specification does not replace more abstract ones such as confidentiality, it does appear to preclude a wide range of the styles of attack that are hardest to exclude by other means.
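The intensional style described above, as an added illustration that is not code from the paper: a trace checker that rejects a node's completion event whenever the sends the designer anticipated for it are absent from the global trace, even though the node's own view of the run looks normal. The three-message pattern, the names A, B, I and the two traces are constructed assumptions, not the paper's model; the second trace has an intruder I relaying A's messages to B, the shape of the Lowe-style attacks cited by the paper.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Send:            # message event: sender -> receiver, payload as a tuple
    sender: str
    receiver: str
    msg: tuple

@dataclass(frozen=True)
class Complete:        # node believes it finished a run with peer using nonces (na, nb)
    node: str
    peer: str
    nonces: tuple

def anticipated_sends(node, peer, na, nb):
    """Constructed pattern: before node completes, peer must have sent it messages 1 and 3."""
    return [Send(peer, node, ("1", peer, na)), Send(peer, node, ("3", nb))]

def check_intensional(trace):
    """Every Complete event must be preceded by its anticipated sends; returns (event, missing) pairs."""
    seen, violations = set(), []
    for ev in trace:
        if isinstance(ev, Send):
            seen.add(ev)
        else:
            na, nb = ev.nonces
            missing = [m for m in anticipated_sends(ev.node, ev.peer, na, nb) if m not in seen]
            if missing:
                violations.append((ev, missing))
    return violations

# Constructed honest run between A and B: satisfies the intensional specification.
HONEST = [
    Send("A", "B", ("1", "A", "na")),
    Send("B", "A", ("2", "na", "nb")),
    Send("A", "B", ("3", "nb")),
    Complete("B", "A", ("na", "nb")),
]

# Constructed relayed run: A talks to I, and I passes A's messages on to B, so B sees
# exactly the messages it saw in HONEST, yet A never sent anything to B.
RELAYED = [
    Send("A", "I", ("1", "A", "na")),
    Send("I", "B", ("1", "A", "na")),
    Send("B", "A", ("2", "na", "nb")),
    Send("A", "I", ("3", "nb")),
    Send("I", "B", ("3", "nb")),
    Complete("B", "A", ("na", "nb")),
]
```

Note that the check never inspects cryptographic content; it is purely about which node sent what to whom, which is why it flags the relayed run without any confidentiality reasoning.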
