A Cryptographically Sound Security Proof of the Needham-Schroeder-Lowe Public-Key Protocol

  • Conference paper
FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2914)

Abstract

We prove the Needham-Schroeder-Lowe public-key protocol secure under real, active cryptographic attacks including concurrent protocol runs. This proof is based on an abstract cryptographic library, which is a provably secure abstraction of a real cryptographic library. Together with composition and integrity preservation theorems from the underlying model, this allows us to perform the actual proof effort in a deterministic setting corresponding to a slightly extended Dolev-Yao model.

Our proof is one of the two first independent cryptographically sound security proofs of this protocol.

It is the first protocol proof over an abstract Dolev-Yao-style library that is in the scope of formal proof tools and that automatically yields cryptographic soundness. We hope that it paves the way for the actual use of automatic proof tools for this and many similar cryptographically sound proofs of security protocols.

An extended version of this paper is available as [5].

References

  1. Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148(1), 1–70 (1999)

  2. Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 82–94. Springer, Heidelberg (2001)

  3. Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2), 103–127 (2002)

  4. Backes, M., Jacobi, C.: Cryptographically sound and machine-assisted verification of security protocols. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 675–686. Springer, Heidelberg (2003)

  5. Backes, M., Pfitzmann, B.: A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. IACR Cryptology ePrint Archive 2003/121 (June 2003), http://eprint.iacr.org/

  6. Backes, M., Pfitzmann, B., Waidner, M.: A universally composable cryptographic library. IACR Cryptology ePrint Archive 2003/015 (January 2003), http://eprint.iacr.org/

  7. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)

  8. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In Advances in Cryptology. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

  9. Burrows, M., Abadi, M., Needham, R.: A logic for authentication. Technical Report 39, SRC DIGITAL (1990)

  10. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145 (2001)

  11. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

  12. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game – or – a completeness theorem for protocols with honest majority. In: Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), pp. 218–229 (1987)

  13. Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)

  14. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–207 (1989)

  15. Kemmerer, R.: Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications 7(4), 448–457 (1989)

  16. Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56(3), 131–135 (1995)

  17. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

  18. Meadows, C.: Using narrowing in the analysis of key management protocols. In: Proc. 10th IEEE Symposium on Security & Privacy, pp. 138–147 (1989)

  19. Meadows, C.: Analyzing the Needham-Schroeder public key protocol: A comparison of two approaches. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 351–364. Springer, Heidelberg (1996)

  20. Millen, J.K.: The interrogator: A tool for cryptographic protocol security. In: Proc. 5th IEEE Symposium on Security & Privacy, pp. 134–141 (1984)

  21. Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM 12(21), 993–999 (1978)

  22. Paulson, L.: The inductive approach to verifying cryptographic protocols. Journal of Cryptology 6(1), 85–128 (1998)

  23. Pfitzmann, B., Schunter, M., Waidner, M.: Provably secure certified mail. Research Report RZ 3207, IBM Research (2000), http://www.zurich.ibm.com/security/publications/

  24. Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proc. 22nd IEEE Symposium on Security & Privacy, pp. 184–200 (2001)

  25. Schneider, S.: Verifying authentication protocols with CSP. In: Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pp. 3–17 (1997)

  26. Syverson, P.: A new look at an old protocol. Operation Systems Review 30(3), 1–4 (1996)

  27. Thayer Fabrega, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: Proc. 19th IEEE Symposium on Security & Privacy, pp. 160–171 (1998)

  28. Warinschi, B.: A computational analysis of the Needham-Schroeder-(Lowe) protocol. In: Proc. 16th IEEE Computer Security Foundations Workshop (CSFW), pp. 248–262 (2003)

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Backes, M., Pfitzmann, B. (2003). A Cryptographically Sound Security Proof of the Needham-Schroeder-Lowe Public-Key Protocol. In: Pandya, P.K., Radhakrishnan, J. (eds) FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science. FSTTCS 2003. Lecture Notes in Computer Science, vol 2914. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24597-1_1

  • DOI: https://doi.org/10.1007/978-3-540-24597-1_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20680-4

  • Online ISBN: 978-3-540-24597-1

  • eBook Packages: Springer Book Archive
