Abstract

This paper describes a Higher Order Logic (HOL) theory formalizing an extended version of the Gong, Needham, Yahalom (GNY) belief logic, a theory used by software that automatically proves authentication properties of cryptographic protocols. The theory's extensions to the GNY logic include being able to specify protocol properties at intermediate stages and being able to specify protocols that use multiple encryption and hash operations, message authentication codes, computed values (e.g., hash codes) as keys, and keyexchange algorithms. 1. Introduction Cryptographic protocols are short sequences of message exchanges, usually involving encryption, intended to establish secure communication over insecure networks. Whether they actually do so, or can be subverted by attacks involving modified, replayed, or mislabeled messages, is a notoriously difficult problem. There have been several examples [11, 27, 28] of published protocols, recommended by experts, that were vulnerable to attack....

Citations

1040	R.: A logic for authentication - Burrows, Abadi, et al. - 1989
872	A.C.-C.: On the security of public key protocols - Dolev, Yao - 1983
783	Using encryption for authentication in large networks of computers - Needham, Schroeder - 1978
581	Kerberos: An authentication service for open network systems - Steiner, Neuman, et al. - 1988
466	Introduction to HOL : a theorem proving environment for higher-order logic - Gordon, Melham - 1993
352	ML for the Working Programmer - Paulson - 1996
221	Timestamps in key distribution protocols - Denning, Sacco - 1981
176	Reasoning about belief in cryptographic protocols - Gong, Needham, et al. - 1990
103	The interrogator: Protocol security analysis - Millen, Clark, et al. - 1987
97	On unifying some cryptographic protocol logics - Syverson, Oorschot - 1998
80	Applying Formal Methods to the Analysis of a Key Management Protocol - Meadows - 1990
70	Criterion Revisited - Piotrowski, Schroeder, et al.
69	Automating recursive type definitions in higher order logic - Melham - 1989
60	SPX : Global authentication using public key certificates - J, ALAGAPPAN - 1991
46	Protocol failures in cryptosystems - Moore - 1988
40	Reasoning with inductively defined relations in the HOL theorem prover - Camilleri, Melham - 1992
29	A System for the Specification and Analysis of Key Management Protocols - Meadows
29	The Interrogator Model - Millen - 1995
21	The Interrogator: A tool for cryptographic protocol security - Millen - 1984
20	Using narrowing in the analysis of key management protocols - Meadows - 1989
14	Deciding Cryptographic Protocol Adequacy with HOL: The Implementation, in: Theorem Proving - Brackin - 1996
8	Handling infeasible specifications of cryptographic protocols - Gong - 1991
8	On the Automation of GNY Logic - Mathuria, Safavi-Naini, et al. - 1995
7	Automatic formal analyses of cryptographic protocols - Brackin - 1996
7	Formal Specification and Analysis of Cryptographic Protocols - Snekkenes - 1995
5	Some remarks on the logic of gong, needham and yahalom - Mathuria, Safavi-Naini, et al. - 1994
4	A mechanized logic for secure key escrow protocol verification - Schubert, Mocas - 1995
1	Providing tractable security analysis in HOL - Brackin - 1994
1	An interface specification language for cryptographic protocols and its translation into HOL. Submitted to the New Security Paradigms Workshop - Brackin - 1996
1	Server-process restrictiveness in HOL - Brackin, Chin - 1993
1	Verifying the correctness of authentication protocols using CONVINCE. Submitted to the The - Brackin, Hammonds, et al. - 1996
1	Command center security --- proving software correct - Hammonds, Lichota, et al. - 1995
1	theories - Romulus - 1994
1	user's manual - Romulus - 1994