DOI: 10.1145/1029133.1029139

Stepwise development of security protocols: a speech act-oriented approach

Published: 29 October 2004

Abstract

We propose a novel multi-layer paradigm for the design of key exchange protocols. In the top layer, protocols are specified in a high-level, declarative, formal language using speech acts as the basic building blocks. The declarative semantics of speech acts is specified by their preconditions and effects, as in Hoare logic. A protocol logic, called ProtoLog, is developed for reasoning about speech act-oriented protocols. Using the language of speech acts, protocol designers can develop their protocols in a modular and compositional way, so that they are correct from the outset.
High-level speech act-oriented protocols are automatically translated into lower-level message-exchanging protocols by a "protocol compiler" that implements speech acts by sending and receiving appropriate encrypted messages.
To demonstrate the applicability of our idea, we apply it to the class of well-designed key exchange protocols, where a protocol is well-designed if a speech act is executed only if its preconditions are satisfied. We develop a "protocol compiler" for the class of well-designed protocols and prove the soundness and a limited form of completeness of the protocol logic ProtoLog with respect to the translation implemented by the compiler, under the Dolev-Yao assumption of perfect cryptography. An immediate corollary of the soundness result is the guarantee of the secrecy of exchanged keys (an essential security requirement of key exchange protocols) in well-designed protocols.

Published In

FMSE '04: Proceedings of the 2004 ACM workshop on Formal methods in security engineering
October 2004
102 pages
ISBN:1581139713
DOI:10.1145/1029133
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cryptographic protocols
  2. security protocols

Qualifiers

  • Article

Conference

CCS04