Abstract:
Many security protocols have the aim of authenticating one agent to another. Yet there is no clear consensus in the academic literature about precisely what "authentication" means. In this paper we suggest that the appropriate authentication requirement will depend upon the use to which the protocol is put, and identify several possible definitions of "authentication". We formalize each definition using the process algebra CSP, use this formalism to study their relative strengths, and show how the model checker FDR can be used to test whether a system running the protocol meets such a specification. 1 Introduction Many security protocols have appeared in the academic literature; these protocols often have the aim of achieving authentication, i.e., one agent should become sure of the identity of the other. The protocols are designed to succeed even in the presence of a malicious agent, called an intruder, who has complete control over the communications network, and so can intercept ...
Citations
|
2751
|
Communicating sequential processes
– Hoare
- 1978
|
|
948
|
A logic of authentication
– Burrows, Abadi, et al.
- 1989
|
|
725
|
Using encryption for authentication in large networks of computers
– Needham, Schroeder
- 1978
|
|
489
|
Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR
– Lowe
- 1996
|
|
209
|
Timestamps in Key Distribution Protocols
– Denning, Sacco
- 1981
|
|
199
|
Authentication and authenticated key exchanges
– Diffie, Oorschot, et al.
- 1992
|
|
165
|
An attack on the Needham-Schroeder public key authentication protocol
– Lowe
- 1995
|
|
161
|
a Compiler for the Analysis of Security Protocols
– Casper
- 1996
|
|
135
|
Proving properties of security protocols by induction
– Paulson
- 1997
|
|
100
|
Security properties and CSP
– Schneider
|
|
98
|
Limitations of the Kerberos authentication system
– Bellovin, Meritt
- 1990
|
|
95
|
Efficient and timely mutual authentication
– Otway, Rees
- 1987
|
|
84
|
Integrating security in a large distributed system
– Satyanarayanan
- 1989
|
|
74
|
Programming Satan's Computer
– Anderson
- 1995
|
|
71
|
Kerberos authentication and authorization system
– Miller, Neuman, et al.
- 1987
|
|
69
|
A taxonomy of replay attacks
– Syverson
- 1994
|
|
65
|
Some New Attacks upon Security Protocols
– Lowe
- 1996
|
|
58
|
Model-checking CSP
– Roscoe
- 1994
|
|
55
|
What do we mean by entity authentication
– Gollmann
|
|
47
|
A note on the use of timestamps as nonces
– Neumann, Stubblebine
- 1993
|
|
43
|
Systematic design of a family of attack-resistant authentication protocols
– Bird, Gopal, et al.
- 1993
|
|
39
|
Intensional specifications of security protocols
– Roscoe
- 1996
|
|
38
|
A lesson on authentication protocol design
– Woo, Lam
- 1994
|
|
27
|
Mechanized proofs of security protocols: Needham-Schroeder with public keys
– Paulson
- 1997
|
|
19
|
A Nonce-Based Protocol for Multiple Authentications
– Kehne, Schonwalder, et al.
- 1992
|
|
15
|
On the security of recent protocols
– Clark, Jacob
- 1995
|
|
13
|
Using CSP for protocol analysis: the Needham-Schroeder Public-Key Protocol
– Schneider
- 1996
|
|
11
|
Design and implementation of an authentication system in WIDE Internet environment
– Yamaguchi, Okayama, et al.
- 1990
|
|
10
|
A Family of Attacks upon Authentication Protocols
– Lowe
- 1997
|
|
8
|
On the security of SPLICE/AS--- the authentication system
– Hwang, Chen
- 1995
|
|
8
|
A logic of authentication. Proceedings of the Royal Society, Series A 426, 1871
– Burrows, Abadi, et al.
- 1989
|
|
3
|
On the security of SPLICE/AS---the authentication system
– Hwang, Chen
- 1995
|
|
1
|
11770-2:1994 "Information technology---Security Techniques---Key management---Part 2: Mechanisms using symmetric techniques
– DIS
- 1994
|