Analysis of security protocols based on challenge-response

Security protocol is specified as the procedure of challenge-response, which uses applied cryptography to confirm the existence of other principals and fulfill some data negotiation such as session keys. Most of the existing analysis methods, which either adopt theorem proving techniques such as state exploration or logic reasoning techniques such as authentication logic, face the conflicts between analysis power and operability. To solve the problem, a new efficient method is proposed that provides SSM semantics-based definition of secrecy and authentication goals and applies authentication logic as fundamental analysis techniques, in which secrecy analysis is split into two parts: Explicit-Information-Leakage and Implicit-Information-Leakage, and correspondence analysis is concluded as the analysis of the existence relationship of Strands and the agreement of Strand parameters. This new method owns both the power of the Strand Space Model and concision of authentication logic.

[1]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[2]  Dawn Xiaodong Song,et al.  Athena: A Novel Approach to Efficient Automatic Security Protocol Analysis , 2001, J. Comput. Secur..

[3]  Catherine A. Meadows,et al.  A model of computation for the NRL Protocol Analyzer , 1994, Proceedings The Computer Security Foundations Workshop VII.

[4]  A. Scedrov,et al.  Interpreting Strands in Linear Logic , 2000 .

[5]  Joshua D. Guttman,et al.  Authentication tests and the structure of bundles , 2002, Theor. Comput. Sci..

[6]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[7]  Paul Syvreson Towards a Strand Semantics for Authentication Logic , 1999, MFPS.

[8]  Luo Junzhou Analysis of correspondence property for security protocols , 2006 .

[9]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[11]  Lai Xue Security Requirements on Authentication Protocols Using Challenge-Response , 2002 .

[12]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[13]  Qing Si-han A New Non-Repudiation Protocol , 2000 .

[14]  Joshua D. Guttman,et al.  Security protocol design via authentication tests , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[15]  Dawn Xiaodong Song Athena: a new efficient automatic checker for security protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[16]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[17]  Dengguo Feng,et al.  Study on strand space model theory , 2008, Journal of Computer Science and Technology.

[18]  Joshua D. Guttman,et al.  Authentication tests , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[19]  Hu Cheng Proving Secrecy Property of Cryptographic Protocols , 2003 .

[20]  Yang Ming,et al.  Analysis of Security Protocols Based on Authentication Test , 2006 .

[21]  Joshua D. Guttman,et al.  Strand spaces: why is a security protocol correct? , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[22]  Zhou Ming A Fair Non-Repudiation Protocol and Its Formal Analysis , 2003 .