Specifying Authentication Protocols Using Rewriting and Strategies

Authors:
Horatiu Cirstea
Affiliations:
-
Venue:
PADL '01 Proceedings of the Third International Symposium on Practical Aspects of Declarative Languages
Year:
2001

Citing 8
Cited 2

Model-checking CSP

A classical mind
An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
Casper: a compiler for the analysis of security protocols

Journal of Computer Security
Using encryption for authentication in large networks of computers

Communications of the ACM
Protocol Verification as a Hardware Design Aid

ICCD '92 Proceedings of the 1991 IEEE International Conference on Computer Design on VLSI in Computer & Processors
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy

An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Promoting rewriting to a programming language: a compiler for non-deterministic rewrite programs in associative-commutative theories

Journal of Functional Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

Programming with rewrite rules and strategies has been already used for describing several computational logics. This paper describes the way the Needham-Schroeder Public-Key protocol is specified in ELAN, the system developed in Nancy to model and compute in the rewriting calculus. The protocol aims to establish a mutual authentication between an initiator and a responder that communicate via an insecure network. The protocol has been shown to be vulnerable and a correction has been proposed. The behavior of the agents and of the intruders as well as the security invariants the protocol should verify are naturally described by conditional rewrite rules whose application is controlled by strategies. Similar attacks to those already described in the literature have been discovered. We show how different strategies using the same set of rewrite rules can improve the efficiency in finding the attacks and we compare our results to existing approaches.