Abstract
This paper presents a calculus of channel security properties which allows to analyze and compare protocols for establishing secure channels in an insecure open network at a high level of abstraction. A channel is characterized by its direction, time of availability and its security properties. Cryptographic primitives and trust relations are interpreted as transformations for channel security properties, and cryptographic protocols can be viewed as combinations of such transformations. A protocol thus allows to transform a set of secure channels established during an initial setup phase, together with a set of insecure channels available during operation of the system, into the set of secure channels specified by the security requirements. The necessary and sufficient requirements for establishing a secure channel between two entities are characterized in terms of secure channels to be made available during the initial setup phase and in terms of trust relations between users and/or between users and trusted authorities.
Chapter PDF
Similar content being viewed by others
References
A. Birell, B. Lampson, R. Needham and M. Schroeder, A global authentication service without global trust, Proc. IEEE Symposium on Research in Security and Privacy, 1986, pp. 223–230.
M. Burrows, M. Abadi and R. Needham, A logic of authentication, ACM Transactions on Computer Systems, Vol. 8, No. 1, 1990, pp. 18–36.
W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, Vol. 22, No. 6, 1976, pp. 644–654.
M. Gasser, A. Goldstein, C. Kaufman and B. Lampson, The Digital distributed system security architecture, Proc. 12th National Computer Security Conference, NIST/NCSC, Baltimore, 1989, pp. 305–319.
J. Glasgow, G. MacEwen and P. Panangaden, A logic for reasoning about security, ACM Transactions on Computer Systems, Vol. 10, No. 3, 1992, pp. 226–264.
V.D. Gligor, S.-W. Luan and J.N. Pato, On inter-realm authentication in large distributed systems, Proc. IEEE Conference on security and privacy, 1992, pp. 2–17.
B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in distributed systems: theory and practice, Proc. 13th ACM Symp. on Operating Systems Principles, 1991, pp. 165–182.
J. Linn, Privacy enhancement for internet electronic mail: Part I, Message encipherment and authentication procedures, Internet RFC 1421, Feb. 1993.
R. Molva, G. Tsudik, E. Van Herreweghen and S. Zatti, “KryptoKnight Authentication and Key Distribution System”, Proc. 1992 European Symposium on Research in Computer Security (ESORICS 92), Toulouse (Nov. 92).
R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, Vol. 21, 1978, pp. 993–999.
D. Otway and O. Rees, Efficient and timely mutual authentication, Operating systems review, Vol. 21, No. 1, 1987, pp. 8–10.
R.L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, Vol. 21, No. 2, 1978, pp. 120–126.
J.G. Steiner, C. Neuman and J.I. Schiller, Kerberos: An authentication service for open network systems, Proceedings of Winter USENIX 1988, Dallas, Texas.
P. Syverson and C. Meadows, A logical language for specifying cryptographic protocols requirements, Proc. IEEE Conf. on Research in Security and Privacy, 1993, pp. 165–180.
J.J. Tardo and K. Alagappan, SPX: Global authentication using public key certificates, Proc. IEEE Conf. on Research in Security and Privacy, 1991, pp. 232–244.
V. Voydock and S. Kent, Security mechanisms in high-level network protocols, ACM Computing Surveys, Vol. 15, No. 2, 1983, pp. 135–171.
R. Yahalom, B. Klein and T. Beth, Trust relationships in secure systems — a distributed autentication perspective, Proc. IEEE Conf. on Research in Security and Privacy, 1993, pp. 150–164.
P. Zimmermann, PGP User's Guide, Dec. 1992, available on the Internet.
ISO/IEC International Standard 9594-8, Information technology — open systems interconnection — the directory, Part 8: Authentication framework, 1990.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maurer, U.M., Schmid, P.E. (1994). A calculus for secure channel establishment in open networks. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_63
Download citation
DOI: https://doi.org/10.1007/3-540-58618-0_63
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0
eBook Packages: Springer Book Archive