Theoretical Computer Science
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Using encryption for authentication in large networks of computers
Communications of the ACM
The Logic of Authentication Protocols
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
A Meta-Notation for Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
A Formal Analysis of Some Properties of Kerberos 5 Using MSR
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Compositional Logic for Protocol Correctness
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A process following a security protocol is represented by a formal proof (in a fragment of linear logic based on the multiset rewriting model), modifying the idea of Cervesato-Durgin-Lincoln-Mitchell-Scedrov [4], while the (modified) BAN logic (first introduced by Burrows-Abadi-Needham [2]) is used as an evaluation semantics for the security properties of processes. By this method, we can get rid of the so-called "idealization" step in the verification procedure of the BAN framework. In particular, we classify BAN-style belief inferences into two categories: on the one hand, inferences that require only some syntactic structure of a process observed by a participant, and on the other, inferences that require a participant's knowledge of the structure of a protocol and a certain honesty assumption. We call the latter the honesty inferences. We show how such honesty inferences are used in the evaluation semantics for security verification. We also point out that the evaluation inferences on the freshness of nonces/keys/messages fall into the first category, but that some of these inferences lack the information needed for evaluation because no concrete time-constraint setting is given. We introduce a natural time-constraint setting in our process/protocol descriptions and enrich the expressive power of the freshness evaluation.