The use of logic in the analysis of cryptographic protocols

Logics for cryptographic protocol analysis are presented, and a study is made of the protocol features that they are appropriate for analyzing: some are appropriate for analyzing trust, others security. It is shown that both features can be adequately captured by a single properly designed logic. The goals and capabilities of M. Burrows, M. Abadi and R. Needham's (1989) BAN logic are examined. It is found that there is confusion about these. While the logic is extremely useful heuristically, as a formal method it is seen to be ultimately unacceptable. Formal semantics is explored as a reasoning tool and the importance of soundness and completeness for protocol security is discussed. The KPL logic is used to resolve a debate over an alleged flaw in BAN logic and is shown to be uniquely capable of dealing with certain protocol security issues.<<ETX>>

[1]  John McLean,et al.  Reasoning About Security Models , 1987, 1987 IEEE Symposium on Security and Privacy.

[2]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[3]  Glenn H. MacEwen,et al.  Reasoning about knowledge in multilevel secure distributed systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[4]  Richard A. Kemmerer Using Formal Verification Techniques to Analyze Encryption Protocols , 1987, 1987 IEEE Symposium on Security and Privacy.

[5]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[6]  James W. Garson,et al.  Quantification in Modal Logic , 1984 .

[7]  Jonathan K. Millen,et al.  The Interrogator A Tool for Cryptographic Protocol Security , 1984, 1984 IEEE Symposium on Security and Privacy.

[8]  Virgil D. Gligor,et al.  On the formal specification and verification of a multiparty session protocol , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Richard A. Kemmerer,et al.  Analyzing encryption protocols using formal verification techniques , 1989, IEEE J. Sel. Areas Commun..

[10]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[11]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[12]  Joseph Y. Halpern USING REASONING ABOUT KNOWLEDGE TO ANALYZE DISTRIBUTED SYSTEMS , 1987 .

[13]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[14]  Catherine A. Meadows,et al.  Using narrowing in the analysis of key management protocols , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[15]  Pierre Bieber,et al.  A logic of communication in hostile environment , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[16]  Jonathan Lear Aristotle and logical theory , 1980 .

[17]  Dan M. Nessett,et al.  A critique of the Burrows, Abadi and Needham logic , 1990, OPSR.

[18]  Glenn H. MacEwen,et al.  A logic for reasoning about security , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[19]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[20]  Louise E. Moser,et al.  A logic of knowledge and belief for reasoning about computer security , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[21]  Paul F. Syverson Formal semantics for logics of cryptographic protocols , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[22]  Martín Abadi,et al.  Rejoinder to Nessett , 1990, OPSR.

[23]  P. Venkat Rangan,et al.  An axiomatic basis of trust in distributed systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[24]  Einar Snekkenes Exploring the BAN approach to protocol analysis , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[25]  Ronald Fagin,et al.  I'm OK if You're OK: On the Notion of Trusting Communication , 1987, LICS.

[26]  Hector J. Levesque,et al.  A Logic of Implicit and Explicit Belief , 1984, AAAI.

[27]  Catherine A. Meadows Representing partial knowledge in an algebraic security model , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[28]  Glenn H. MacEwen,et al.  Reasoning about Knowledge and Permission in Secure Distributed Systems , 1988, CSFW.

[29]  Glenn H. MacEwen,et al.  Obligation as the basis of integrity specification , 1989, Proceedings of the Computer Security Foundations Workshop II,.