Prudent engineering practice for cryptographic protocols

We present principles for the design of cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are, however, helpful, in that adherence to them would have avoided a considerable number of published errors. Our principles are informal guidelines. They complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature.
