1993-10-29 - Formal Methods for the Analysis of Authentication Protocols

Header Data

From: peter honeyman <honey@citi.umich.edu>
To: cypherpunks@toad.com
Message Hash: 996450ddfc05ba80bbe36f70f695c5de36b2ade499848e6691ea50bd0fa61b17
Message ID: <9310291501.AA23581@toad.com>
Reply To: N/A
UTC Datetime: 1993-10-29 15:02:46 UTC
Raw Date: Fri, 29 Oct 93 08:02:46 PDT

Raw message

From: peter honeyman <honey@citi.umich.edu>
Date: Fri, 29 Oct 93 08:02:46 PDT
To: cypherpunks@toad.com
Subject: Formal Methods for the Analysis of Authentication Protocols
Message-ID: <9310291501.AA23581@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


avi rubin and i recently completed a survey paper that may be of interest
to cpunx.  it is available via anonymous ftp from citi.umich.edu:

/afs/umich.edu/group/itd/citi/public/techreports/PS.Z/citi-tr-93-7.ps.Z

i have attached the abstract to this message.

	peter

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Formal Methods for the Analysis of Authentication Protocols

A D. Rubin
P. Honeyman

Center for Information Technology Integration
University of Michigan
Ann Arbor


In this paper, we examine current approaches and the state of the art
in the application of formal methods to the analysis of cryptographic
protocols.  We use Meadows' classification of analysis techniques into
four types.

The Type I approach models and verifies a protocol using specification
languages and verification tools not specifically developed for the
analysis of cryptographic protocols.  In the Type II approach, a
protocol designer develops expert systems to create and examine
different scenarios, from which she may draw conclusions about the
security of the protocols being studied.  The Type III approach models
the requirements of a protocol family using logics developed
specifically for the analysis of knowledge and belief.  Finally, the
Type IV approach develops a formal model based on the algebraic
term-rewriting properties of cryptographic systems.

The majority of research and the most interesting results are in the
Type III approach, including reasoning systems such as the BAN logic;
we present these systems and compare their relative merits.  While each
approach has its benefits, no current method is able to provide a
rigorous proof that a protocol is secure.






Thread