Advertisement

Principles for Entity Authentication

  • Michele Bugliesi
  • Riccardo Focardi
  • Matteo Maffei
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2890)

Abstract

We study the roles of message components in authentication protocols. In particular, we investigate how a certain component contributes to the task of achieving entity authentication. To this aim, we isolate a core set of roles that enables us to extract general principles that should be followed to avoid attacks. We then formalize these principles in terms of rules for protocol parties and we prove that protocols designed according to these rules will achieve entity authentication.

Keywords

Authentication Protocol Trusted Third Party Cryptographic Protocol Encrypt Message Entity Authentication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols: The Spi Calculus. Information and Computation 148(1), 1–70 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering 22(1), 6–15 (1996)CrossRefGoogle Scholar
  3. 3.
    Anderson, R., Needham, R.: Programming satan’s computer. In: van Leeuwen, J. (ed.) Computer Science Today. LNCS, vol. 1000, pp. 426–440. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  4. 4.
    Bibier, P.: Alogic of communication in a hostile environment. In: Proceedings the Computer Security Foundations Workshop III, p. 1422. IEEE Computer Society Press, Los Alamitos (1990)Google Scholar
  5. 5.
    Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. Proceedings of the Royal Society of London 426(1871), 233–271 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Clark, J., Jacob, J.: A Survey of Authentication Protocol Literature: Version 1.0 (November 1997), http://www.cs.york.ac.uk/~jac/papers/drareview.ps.gz
  7. 7.
    Durgin, N., Mitchell, J., Pavlovic, D.: A compositional logic for proving security properties of protocols. In: 14-th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, June 11-13 (2001)Google Scholar
  8. 8.
    Focardi, R., Gorrieri, R., Martinelli, F.: Non interference for the analysis of cryptographic protocols. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 354–372. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Gollmann, D.: What do we mean by Entity Authentication. In: Proceedings of the 1996 Symposium on Security and Privacy, pp. 46–54. IEEE Computer Society Press, Los Alamitos (1996)CrossRefGoogle Scholar
  10. 10.
    Gong, L., Needham, R., Yahalom, R.: Reasoning About Belief in Cryptographic Protocols. In: Cooper, D., Lunt, T. (eds.) Proceedings 1990 IEEE Symposium on Research in Security and Privacy, pp. 234–248. IEEE Computer Society, Los Alamitos (1990)CrossRefGoogle Scholar
  11. 11.
    Gordon, A.D., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. In: 15th IEEE Computer Security Foundations Workshop — CSFW 2001, Cape Breton, Canada, June 24-26, pp. 77–91. IEEE Computer Society Press, Los Alamitos (2002)CrossRefGoogle Scholar
  12. 12.
    Gordon, A., Jeffrey, A.: Authenticity by typing for security protocols. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), June 2001, pp. 145–159 (2001)Google Scholar
  13. 13.
    Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. In: 13th IEEE Computer Security Foundations Workshop — CSFW 2000, Cambridge, UK, July 3-5, pp. 255–268. IEEE Computer Society Press, Los Alamitos (2000)CrossRefGoogle Scholar
  14. 14.
    ISO/IEC. Information Technology-Security Tecniques-Entity Authentication Mechanisms, Part 1:General Model (1991)Google Scholar
  15. 15.
    ISO/IEC. Information Technology-Security Tecniques-Entity Authentication Mechanisms, Part 2:Entity Authentication using Simmetric Tecniques (1993)Google Scholar
  16. 16.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Lowe, G.: A Hierarchy of Authentication Specification. In: Proceedings of the 10th Computer Security Foundation Workshop, IEEE press, Los Alamitos (1997)Google Scholar
  18. 18.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar
  19. 19.
    Needham, R.M., Schroeder, M.D.: Authentication revisited. ACM SIGOPS Operating Systems Review 21(1), 7–7 (1987)CrossRefGoogle Scholar
  20. 20.
    Paulson, L.C.: Relations between secrets: Two formal analyses of the yahalom protocol. Journal of Computer Security 9(3), 197–216 (2001)MathSciNetGoogle Scholar
  21. 21.
    Schneider, S.: Formal analysis of a non-repudiation protocol. In: Proceedings of CSFW 1998, pp. 54–65. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
  22. 22.
    Snekkenes, E.: Roles in cryptographic protocols. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, pp. 105–119. IEEE Computer Society Press, Los Alamitos (1992)CrossRefGoogle Scholar
  23. 23.
    Woo, T.Y.C., Lam, S.S.: A Semantic Model for Authentication Protocols. In: Proceedings of 1993 IEEE Symposium on Security and Privacy, pp. 178–194 (1993)Google Scholar
  24. 24.
    Woo, T.Y.C., Lam, S.S.: Authentication for distributed systems, from computer. In: Stallings, W. (ed.) Practical Cryptography for Data Internetworks, January 1992, vol. 1992, IEEE Computer Society Press, Los Alamitos (1992)Google Scholar
  25. 25.
    Zhou, J., Gollman, D.: A fair non-repudiation protocol. In: Proc. of Symposium in Research in Security and Privacy, pp. 55–61. IEEE Press, Los Alamitos (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Michele Bugliesi
    • 1
  • Riccardo Focardi
    • 1
  • Matteo Maffei
    • 1
  1. 1.Dipartimento di InformaticaUniversità Ca’ Foscari di Venezia 

Personalised recommendations