Abstract
One of the greatest obstacles to widespread deployment of wireless mobile systems is security. Cryptographically strong protocols and algorithms are required to enable secure communication over links that are easy for an attacker to monitor and control. While good cryptographic algorithms exist, it is difficult to design protocols that are immune to malicious attack. Good analysis techniques are lacking. This paper presents extensions to a technique for specifying and analyzing nonmonotonic cryptographic protocols that use asymmetric keys. We introduce new actions and inference rules, as well as slight modifications to the Update function. An important observation is that reasoning about the origin of messages is quite different when dealing with asymmetric key protocols. We also introduce the notion that keys in certificates should be bound to the principals receiving them. We extend the technique to meet the binding requirements and show how the flaw in the Denning and Sacco public key protocol, which was discovered by Abadi and Needham, is revealed. We demonstrate the extended technique using one protocol of our own and the Needham and Schroeder public key protocol. We also introduce and analyze a fix to a known weakness in Needham and Schroeder’s protocol using our extended technique. Finally, we present several applications of these techniques to protocols for mobile computing over wireless networks.
References
M. Abadi and R. Needham, Prudent engineering practice for cryptographic protocols, in: Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy (1994) pp. 122–136.
M. Burrows, M. Abadi and R. Needham, A logic of authentication, ACM Transactions on Computer Systems 8 (February 1990).
D.E. Denning and G.M. Sacco, Timestamps in key distribution protocols, Communications of the ACM 24(8) (August 1981) 533–536.
W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22(6) (1976).
L. Gong, R. Needham and R. Yahalom, Reasoning about belief in cryptographic protocols, in: Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy (May 1990) pp. 234–248.
W. Mao and C. Boyd, Towards formal analysis of security protocols, in: Proceedings of the Computer Security Foundation Workshop VI (June 1993) pp. 147–158.
R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM 21(12) (December 1978) 993–999.
D.M. Nessett, A critique of the Burrows, Abadi and Needham logic, Operating System Review 24(2) (April 1990) 35–38.
A.D. Rubin and P. Honeyman, Long running jobs in an authenticated environment, in: Proc. USENIX Security Conference IV (October 1993) pp. 19–28.
A.D. Rubin and P. Honeyman, Nonmonotonic cryptographic protocols, in: Proceedings of the Computer Security Foundation Workshop VII (June 1994) pp. 100–116.
P. Syverson and C. Meadows, A logical language for specifying cryptographic protocol requirements, in: Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy (May 1993) pp. 165–177.
T.Y.C. Woo and S.S. Lam, A semantic model for authentication protocols, in: Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy (May 1993) pp. 178–194.
Rubin, A.D. Extending NCP for protocols using public keys. Mobile Networks and Applications 2, 227–241 (1997). https://doi.org/10.1023/A:1013636817876