Skip to main content
Springer Nature Link
Log in

Specifying Authentication Using Signal Events in CSP

  • Conference paper
Information Security and Cryptology (CISC 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3822))

Included in the following conference series:

Abstract

The formal analysis of cryptographic protocols has firmly developed into a comprehensive body of knowledge, building on a wide variety of formalisms and treating a diverse range of security properties, foremost of which is authentication. The formal specification of authentication has long been a subject of examination. In this paper, we discuss the use of correspondence to formally specify authentication and focus on Schneider’s use of signal events in CSP to specify authentication. The purpose of this effort is to strengthen this formalism further. We develop a formal structure for these events and use them to specify a general authentication property. We then develop specifications for recentness and injectivity as sub-properties, and use them to refine authentication further. Our work is motivated by the desire to effectively analyse and express security properties in formal terms, so as to make them precise and clear.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Gollmann, D.: What do we mean by entity authentication? In: Symposium on Security and Privacy, pp. 46–54. IEEE Computer Society, Los Alamitos (1996)

    Google Scholar 

  2. Gollmann, D.: On the Verification of Cryptographic Protocols - A Tale of Two Committees. In: Proceedings of the Workshop on Secure Architectures and Information Flow, ENTCS, vol. 32 (2000)

    Google Scholar 

  3. Gollmann, D.: Analysing security protocols. In: Abdallah, A.E., Ryan, P.Y.A., Schneider, S. (eds.) FASec 2002. LNCS, vol. 2629, pp. 71–80. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  4. Gollmann, D.: Authentication by Correspondence. IEEE Journal on Selected Areas in Communication, Special Issue on Formal Methods for Security 21(1) (2003)

    Google Scholar 

  5. Gordon, A.D., Jeffrey, A.: Typing correspondence assertions for communication protocols. In: Mathematical Foundations of Programming Semantics 17, ENTCS, vol. 45, Elsevier, Amsterdam (2001)

    Google Scholar 

  6. Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall International, Englewood Cliffs (1985)

    MATH  Google Scholar 

  7. Lowe, G.: A hierarchy of authentication specifications. In: 10th Computer Security Foundations Workshop, pp. 31–43. IEEE Computer Society Press, Los Alamitos (1995)

    Google Scholar 

  8. Lowe, G.: An attack on the Needham-Schroeder public key protocol. Information Processing Letters 56, 131–133 (1995)

    Article  MATH  Google Scholar 

  9. Meadows, C.: What makes a cryptographic protocol secure? The evolution of requirements specification in formal cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 10–21. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  10. Needham, R., Schroeder, M.: Using encryption for Authentication in Large Networks. Communications of the ACM 21(12), 993–999 (1978)

    Article  MATH  Google Scholar 

  11. Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall International, Englewood Cliffs (1997)

    Google Scholar 

  12. Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison-Wesley, Reading (2001)

    Google Scholar 

  13. Schneider, S.: Security Properties and CSP. IEEE Symposium Research in Security and Privacy (1996)

    Google Scholar 

  14. Schneider, S.: Verifying Authentication Protocols in CSP. IEEE Transactions on Software Engineering 24(9), 741–758 (1998)

    Article  Google Scholar 

  15. Schneider, S.: Concurrent and Real-time Systems: the CSP Approach. Addison-Wesley, London (1999)

    Google Scholar 

  16. Shaikh, S., Bush, V., Schneider, S.: Kerberos – Specifying authenticity properties using signal events. In: Proceedings of the Indonesia Cryptology and Information Security Conference, pp. 87–93 (2005)

    Google Scholar 

  17. Woo, T.Y.C., Lam, S.S.: A semantic model for Authentication Protocols. IEEE Symposium on Security and Privacy, 178–194 (1993)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computing, UGBS, University of Gloucestershire, Park Campus, The Park, Cheltenham Spa, GL52 2RH, UK

    Siraj A. Shaikh & Vicky J. Bush

  2. Department of Computing, SEPS, University of Surrey, Guildford, Surrey, GU2 7XH, UK

    Steve A. Schneider

Authors
  1. Siraj A. Shaikh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vicky J. Bush
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Steve A. Schneider
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. State Key Laboratory of Information Security, Institution of Software of Chinese Academy of Sciences, 100080, Beijing, China

    Dengguo Feng

  2. SKLOIS Lab, Institute of Software, Chinese Academy of Sciences, 100080, Beijing, P.R. China

    Dongdai Lin

  3. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shaikh, S.A., Bush, V.J., Schneider, S.A. (2005). Specifying Authentication Using Signal Events in CSP. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_6

Download citation

  • DOI: https://doi.org/10.1007/11599548_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30855-3

  • Online ISBN: 978-3-540-32424-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation