Strand spaces and rank functions:more than distant cousins

Heather, James

doi:10.1109/csfw.2002.1021810

Cited by 5 publications

(8 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section we use the proof system developed in section 3 to prove a secrecy property of a simple variant N SLV AR of the Needham-Schroeder-Lowe protocol, proposed in [16], in which parties A and B use an authenticated temporary secret na to establish a secret key k that is in turn used to protect the actual message m. The main difference from the original NSL protocol is that the initiator's nonce is leaked in the final message. Reasoning from A's point of view, nonce na should be secret between A and B at the point of the run in the protocol where A is just about to send the last message.…”

Section: Analysis Of a Variant Of Nslmentioning

confidence: 99%

“…For example, within CSP, properties of messages that may appear on the network have been identified by defining a rank function [18,16], with an inductive proof used to show that rank is preserved by the attacker actions and all honest parties. In comparison, arguments in our formal logic use a conjunction involving the SafeNet predicate and protocol specific properties Φ in our inductive hypotheses.…”

Section: Analysis Of a Variant Of Nslmentioning

confidence: 99%

“…The straightforward formal proof in section 4 therefore shows that our method does not suffer from the limitations identified in [16]. Intuitively, the advantage of our setting lies in the way that modal formulas of PCL state properties about specific points in protocol execution, rather than only properties that must be true at all points in all runs.…”

Section: Introductionmentioning

confidence: 97%

“…Our first protocol example is a variant of the Needham-Schroeder protocol, used in [16] to illustrate a limitation of the original rank function method and motivate an extension for reasoning about temporary secrets. The straightforward formal proof in section 4 therefore shows that our method does not suffer from the limitations identified in [16].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Secrecy Analysis in Protocol Composition Logic

Roy

Datta

Derek

et al. 2007

Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues

View full text Add to dashboard Cite

Abstract. Extending a compositional protocol logic with an induction rule for secrecy, we prove soundness for a conventional symbolic protocol execution model, adapt and extend previous composition theorems, and illustrate the logic by proving properties of two key agreement protocols. The first example is a variant of the Needham-Schroeder protocol that illustrates the ability to reason about temporary secrets. The second example is Kerberos V5. The modular nature of the secrecy and authentication proofs for Kerberos makes it possible to reuse proofs about the basic version of the protocol for the PKINIT version that uses public-key infrastructure instead of shared secret keys in the initial steps.

show abstract

Section: Analysis Of a Variant Of Nslmentioning

confidence: 99%

Section: Analysis Of a Variant Of Nslmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 97%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Secrecy Analysis in Protocol Composition Logic

Roy

Datta

Derek

et al. 2007

Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues

View full text Add to dashboard Cite

show abstract

“…We also extend previous composition theorems [16,21] to the present setting, and illustrate the power of the resulting system by giving modular formal proofs of authentication and secrecy properties of Kerberos V5 and Kerberos V5 with PKINIT. We are also able to prove properties of a variant of the Needham-Schroeder-Lowe protocol that are beyond the standard rank function method [22,19].…”

Section: Introductionmentioning

confidence: 99%

Inductive Proofs of Computational Secrecy

Roy

Datta

Derek

et al. 2007

Computer Security – ESORICS 2007

View full text Add to dashboard Cite

Abstract. Secrecy properties of network protocols assert that no probabilistic polynomial-time distinguisher can win a suitable game presented by a challenger. Because such properties are not determined by traceby-trace behavior of the protocol, we establish a trace-based protocol condition, suitable for inductive proofs, that guarantees a generic reduction from protocol attacks to attacks on underlying primitives. We use this condition to present a compositional inductive proof system for secrecy, and illustrate the system by giving a modular, formal proof of computational authentication and secrecy properties of Kerberos V5.

show abstract

Protocol Derivation System for the Needham–Schroeder family

Zhang

Yang

2012

Security Comm Networks

View full text Add to dashboard Cite

A framework consisting of the Protocol Derivation System (PDS) and the Protocol Composition Logic (PCL) has been recently proposed by Datta et al. for the design and analysis of a secure composition of cryptographic protocols. However, the PDS in this proposed framework can only be used for the protocols of the Station-to-Station family, which are signature-based authenticated Diffie-Hellman key exchange protocols. In this paper, the PDS is extended to support key exchange protocols using a trusted third party and an encryption-based authentication such as those in the Needham-Schroeder family. This is achieved by means of adding new components, refinements, and transformations to the PDS. In addition, the PCL is applied to prove the correctness of the derived protocols. Then, the derivation graph of the NeedhamÀSchroeder family is developed by using the extended PDS. Finally, the derivations and proofs of the protocols in the Needham-Schroeder family are shown in this paper.

show abstract

Strand spaces and rank functions:more than distant cousins

Cited by 5 publications

References 36 publications

Secrecy Analysis in Protocol Composition Logic

Secrecy Analysis in Protocol Composition Logic

Inductive Proofs of Computational Secrecy

Protocol Derivation System for the Needham–Schroeder family

Contact Info

Product

Resources

About