Abstract
With the emergence of numerous distributed services, the importance of electronic authentication in networks is rapidly increasing. Many authentication protocols have been proposed and discussed. Burrows, Abadi and Needham [BAN1] created a logic of authentication to formally analyze authentication protocols. This BAN-logic has been subject to critique and several extensions have been suggested. Nonetheless, due to its straightforward design and its ease-of-use, it attracts the attention of current research. In this paper, an authentication logic is proposed which is built closely after the BAN-logic. It addresses answers to important criticisms of BAN like the non-disclosure problem, and avoids some newly discovered weaknesses of BAN, e.g. with respect to freshness. It also does not require any idealization which is a major hurdle to the correct usage of BAN. This extended BAN-logic is instrumented as a verification tool which also allows for modelling the different protocol participants as finite state machines. Also, actions of intruders, consequences of such intrusions, and the respective counter-measures can be modelled and simulated.
Most of the work for this paper was done for a thesis for the degree of a Master of Science in Computer Science in the University of Toronto.
Chapter PDF
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Michael Burrows, Martin Abadi, and Roger Needham, ”A Logic of Authentication”, Report #39, Feb. 1989, Report of Systems Research Center, DEC Palo Alto, California; also in Operating Systems Review, Dec 3–6, 1989, Vol. 23, # 5, pp 1–13.
Li Gong, Roger Needham, and Raphael Yahalom, ”Reasoning about Belief in Cryptographic Protocols”, Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, May 20–22, 1991, Oakland California, pp. 234–248.
R. M. Needham and M. D. Schroeder, ”Using Encryption for Authentication in Large Networks of Computers”, CACM vol. 21, no 12, Dec 1978, pp. 993–999.
D. E. Denning, G. M. Sacco, ”Timestamps in Key Distribution Protocols”, CACM 24, 1981 pp. 533.
R. K. Bauer, T. A. Berson, and R. J. Feiertag, ”A Key Distribution Protocol using Event Markers”, ACM Transactions on Computer Systems, vol. 1, no 3, Aug. 1983, pp. 249–255.
T. Mark A. Lomas, Li Gong, Jerome H. Saltzer, Roger M. Needham, ”Reducing Risks from Poorly Chosen Keys”, Proceedings of the 12th ACM Symposium on Operating Systems Principles, Dec 1989, pp 14–18.
Richard A. Kemmerer, ”Analyzing Encryption Protocols Using Formal Verification Techniques”, IEEE Journal on Selected Areas in Communications, Vol. 7,4, May 1989, p 448–457.
J. K. Millen, S. C. Clark, and S. B. Freedman, ”The Interrogator: Protocol Security Analysis”, IEEE Transactions on Software Engineering, vol. 13, no 2, Feb. 1987, pp. 274–288.
R. E. Soper, E. S. Lee, P. I. P. Boulton, M. Stumm, B. Thomson, ”Protocol Verification in a Trusted Network Architecture”, Technical Report CSRI-236, October 1989.
Jennifer G. Steiner, Clifford Neuman, Jeffrey I. Schiller, ”Kerberos: An Authentication Service for Open Network Systems”, Proceedings of the USENIX Winter Conference, Feb. 1988.
D. Nesset, ”A Critique of the Burrows, Abadi, and Needham Logic”, Operating Systems Review, vol. 24, no. 2, April 1990, pp. 35–38.
E. S. Lee, P. I. P. Boulton, D. M. Lewis, M. Stumm, and B. Thompson, ”A Trusted Network Architecture”, Technical Report, Computer Systems Research Institute, University of Toronto, Oct. 1988, pp. 97.
National Bureau of Standards, Federal Information Processing Standards, National Bureau of Standards, Publication 46, 1977.
R. L. Rivest, A. Shamir, and L Adleman, ”A Method for Obtaining Digital Signatures and Public-key Cryptosystems”, Communications of the ACM Vol. 21, No. 2 Feb. 1978, pp. 120–126
E. Snekkenes, ”Exploring the BAN Approach to Protocol Analysis” Proceedings of the 1991 IEEE CS Symposium on Research in Security and Privacy, May 20–22, 1991, Oakland California, pp. 171–181.
Steven M. Bellovin, Michael Merritt, ”Limitations of the Kerberos Authentication System”, Proceedings of the USENIX Winter 1991 Conference, Dallas, TX, earlier version in Computer Communications Review, vol. 20, no 5,October 1990, pp. 119–132.
Leslie Lamport, ”Time, clocks and the ordering of events in a distributed system”, CACM, 21(7), July 1978, pp. 558–565.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1992 Springer-Verlag
About this paper
Cite this paper
Hauser, R.C., Lee, E.S. (1992). Verification and modelling of authentication protocols. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013896
Download citation
DOI: https://doi.org/10.1007/BFb0013896
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive