Abstract
We assess how formal methods can contribute to the design and analysis of security protocols. We explain some of the pitfalls when applying formal methods in too naïve a fashion and stress the importance of identifying implicit assumptions about the environment a protocol would be deployed in that may be hidden in verification methodologies or in off-the-shelf security properties.
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gollmann, D. (2003). Analysing Security Protocols. In: Abdallah, A.E., Ryan, P., Schneider, S. (eds) Formal Aspects of Security. FASec 2002. Lecture Notes in Computer Science, vol 2629. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40981-6_8
DOI: https://doi.org/10.1007/978-3-540-40981-6_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20693-4
Online ISBN: 978-3-540-40981-6
eBook Packages: Springer Book Archive