Analysing Security Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2629)

Abstract

We assess how formal methods can contribute to the design and analysis of security protocols. We explain some of the pitfalls when applying formal methods in too naïve a fashion and stress the importance of identifying implicit assumptions about the environment a protocol would be deployed in that may be hidden in verification methodologies or in off-the-shelf security properties.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gollmann, D. (2003). Analysing Security Protocols. In: Abdallah, A.E., Ryan, P., Schneider, S. (eds) Formal Aspects of Security. FASec 2002. Lecture Notes in Computer Science, vol 2629. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40981-6_8

  • DOI: https://doi.org/10.1007/978-3-540-40981-6_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20693-4

  • Online ISBN: 978-3-540-40981-6

  • eBook Packages: Springer Book Archive
