Advertisement

From Secrecy to Authenticity in Security Protocols

  • Bruno Blanchet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2477)

Abstract

We present a new technique for verifying authenticity in cryptographic protocols. This technique is fully automatic, it can handle an unbounded number of sessions of the protocol, and it is efficient in practice. It significantly extends a previous technique for the verification of secrecy. The protocol is represented in an extension of the pi calculus with fairly arbitrary cryptographic primitives. This protocol representation includes the authentication specification to be verified, but no other annotation. Our technique has been proved correct, implemented, and tested on various protocols from the literature. The experimental results show that we can verify these protocols in less than 1 s.

Keywords

IEEE Computer Society Authentication Protocol Security Protocol Horn Clause Cryptographic Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. Abadi and B. Blanchet. Analyzing Security Protocols with Secrecy Types and Logic Programs. In 29th Annual ACM Symposium on Principles of Programming Languages (POPL 2002), pages 33–44, Portland, Oregon, Jan. 2002. ACM Press.Google Scholar
  2. 2.
    M. Abadi and C. Fournet. Mobile Values, New Names, and Secure Communication. In 28th Annual ACM Symposium on Principles of Programming Languages (POPL’01), pages 104–115, London, United Kingdom, Jan. 2001. ACM Press.Google Scholar
  3. 3.
    M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. I EEE Transactions on Software Engineering, 22(1):6–15, Jan. 1996.Google Scholar
  4. 4.
    R. Amadio and S. Prasad. The game of the name in cryptographic tables. In P. S. Thiagarajan and R. Yap, editors, Advances in Computing Science-ASIAN’99, volume 1742 of LNCS, pages 15–27, Phuket, Thailand, Dec. 1999. Springer Verlag.CrossRefGoogle Scholar
  5. 5.
    R. Anderson and R. Needham. Programming Satan’s Computer. In J. van Leeuven, editor, Computer Science Today: Recent Trends and Developments, volume 1000 of LNCS, pages 426–440. Springer Verlag, 1995.Google Scholar
  6. 6.
    B. Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82–96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society. Extended version available at http://www.di.ens.fr~blanchet/longcsfw14.ps.gz.
  7. 7.
    P. Broadfoot, G. Lowe, and B. Roscoe. Automating Data Independence. In 6th European Symposium on Research in Computer Security (ESORICS 2000), volume 1895 of LNCS, pages 175–190, Toulouse, France, Oct. 2000. Springer Verlag.Google Scholar
  8. 8.
    P. J. Broadfoot and A. W. Roscoe. Internalising agents in CSP protocol models. In Workshop on Issues in the Theory of Security (WITS’02), Portland, Oregon, Jan. 2002.Google Scholar
  9. 9.
    M. Burrows, M. Abadi, and R. Needham. A Logic of Authentication. Proceedings of the Royal Society of London A, 426:233–271, 1989.zbMATHMathSciNetCrossRefGoogle Scholar
  10. 10.
    J. Clark and J. Jacob. A Survey of Authentication Protocol Literature: Version1.0. Technical report, University of York, Department of Computer Science, Nov. 1997.Google Scholar
  11. 11.
    E. Cohen. TAPS: A First-Order Verifier for Cryptographic Protocols. In 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 144–158, Cambridge, England, July 2000.Google Scholar
  12. 12.
    V. Cortier, J. Millen, and H. Rueβ. Proving secrecy is easy enough. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 97–108, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.Google Scholar
  13. 13.
    M. Debbabi, M. Mejri, N. Tawbi, and I. Yahmadi. A New Algorithm for the Automatic Verification of Authentication Protocols: From Specifications to Flaws and Attack Scenarios. In DIM ACS Workshop on Design and Formal Verification of Security Protocols, Rutgers University, New Jersey, Sept. 1997.Google Scholar
  14. 14.
    A. Gordon and A. Jeffrey. Authenticity by Typing for Security Protocols. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 145–159, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.Google Scholar
  15. 15.
    A. Gordon and A. Jeffrey. Types and Effects for Asymmetric Cryptographic Protocols. In 15th IEEE Computer Security Foundations Workshop (CSFW-15), Cape Breton, Nova Scotia, Canada, June 2002. IEEE Computer Society.Google Scholar
  16. 16.
    J. Heather and S. Schneider. Towards automatic verification of authentication protocols on an unbounded network. In 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 132–143, Cambridge, England, July 2000.Google Scholar
  17. 17.
    H. Krawczyk. SKEME: A Versatile Secure Key Exchange Mechanism for Internet. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security, Feb. 1996.Google Scholar
  18. 18.
    G. Lowe. Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of LNCS, pages 147–166. Springer Verlag, 1996.Google Scholar
  19. 19.
    G. Lowe. A Hierarchy of Authentication Specifications. In Proceedings of the 10th Computer Security Foundations Workshop (CSFW’ 97), Rockport, Massachusetts, June 1997. IEEE Computer Society.Google Scholar
  20. 20.
    R. M. Needham and M. D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Commun. ACM, 21(12):993–999, Dec. 1978.Google Scholar
  21. 21.
    D. Otway and O. Rees. Efficient and Timely Mutual Authentication. Operating Systems Review, 21(1):8–10, 1987.CrossRefGoogle Scholar
  22. 22.
    L. C. Paulson. The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security, 6(1–2):85–128, 1998.Google Scholar
  23. 23.
    A. W. Roscoe and P. J. Broadfoot. Proving Security Protocols with Model Checkers by Data Independence Techniques. Journal of Computer Security, 7(2, 3):147–190, 1999.Google Scholar
  24. 24.
    D. X. Song. Athena: a New Efficient Automatic Checker for Security Protocol Analysis. In 12th IEEE Computer Security Foundation Workshop (CSFW-12), Mordano, Italy, June 1999.Google Scholar
  25. 25.
    C. Weidenbach. Towards an Automatic Analysis of Security Protocols in First-Order Logic. In H. Ganzinger, editor, 16th International Conference on Automated Deduction (CADE-16), volume 1632 of Lecture Notes in Artificial Intelligence, pages 314–328, Trento, Italy, July 1999. Springer Verlag.Google Scholar
  26. 26.
    T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. Computer, 25(1):39–52, Jan. 1992.Google Scholar
  27. 27.
    T. Y. C. Woo and S. S. Lam. A Semantic Model for Authentication Protocols. In Proceedings IEEE Symposium on Research in Security and Privacy, pages 178–194, Oakland, California, May 1993.Google Scholar
  28. 28.
    T. Y. C. Woo and S. S. Lam. Authentication for distributed systems. In D. Denning and P. Denning, editors, Internet Besieged: Countering Cyberspace Scofflaws. ACM Press and Addison-Wesley, Oct. 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Bruno Blanchet
    • 1
    • 2
  1. 1.Département d’InformatiqueÉcole Normale SupérieureParis
  2. 2.Max-Planck-Institut für InformatikGermany

Personalised recommendations