A calculus for secure channel establishment in open networks

  • Ueli M. Maurer
  • Pierre E. Schmid
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


This paper presents a calculus of channel security properties that makes it possible to analyze and compare protocols for establishing secure channels in an insecure open network at a high level of abstraction. A channel is characterized by its direction, its time of availability and its security properties. Cryptographic primitives and trust relations are interpreted as transformations for channel security properties, and cryptographic protocols can be viewed as combinations of such transformations. A protocol thus makes it possible to transform a set of secure channels established during an initial setup phase, together with a set of insecure channels available during operation of the system, into the set of secure channels specified by the security requirements. The necessary and sufficient requirements for establishing a secure channel between two entities are characterized in terms of secure channels to be made available during the initial setup phase and in terms of trust relations between users and/or between users and trusted authorities.


Network security, Key management, Cryptography, Security transformations, Formal models



Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Ueli M. Maurer (1)
  • Pierre E. Schmid (2)
  1. Inst. for Theoretical Computer Science, ETH Zürich, Zürich, Switzerland
  2. Omnisec AG, Regensdorf, Switzerland
