Abstract
Authentication protocols are the basis for secure communication in many distributed systems but are highly prone to errors in their design, preventing them from working properly. It is therefore necessary to analyze an authentication protocol to determine whether the designed protocol meets the requirements. Much attention has been paid to mathematical logic to analyze cryptographic protocols, particularly the logic proposed by Burrows, Abadi, and Needham (BAN logic). This logic has been successful in identifying weaknesses in various examples of authentication protocols. In this paper, we give a concept of “belief” for BAN logic based on the idea of possibility computation and further propose a quantitative BAN logic. It is also applied to the formal analysis and computation of a Radio Frequency Identification (RFID) authentication protocol to show how it works. The quantitative results on belief show that the proposed quantitative approach of BAN logic based on belief can more objectively reflect the security property of the authentication protocol.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Since \(M_2=h(T_A)\oplus T_A \oplus T_B\), for the sake of convenience for representation, we use \(M_2\) to replace \(h(T_A)\oplus T_A \oplus T_B\) if needed as follows.
References
Li, C.-T., Weng, C.-Y., Lee, C.-C.: A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. J. Med. Syst. 39(8), 1–8 (2015). https://doi.org/10.1007/s10916-015-0260-0
Chien, H.Y.: SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4), 337–340 (2007)
Yang, L., Han, J., Qi, Y., Liu, Y.: Identification-free batch authentication for RFID tags. In: The 18th IEEE International Conference on Network Protocols, pp. 154–163. IEEE (2010)
Tewari, A., Gupta, B.B.: Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J. Supercomput. 73(3), 1085–1102 (2016). https://doi.org/10.1007/s11227-016-1849-x
Fan, K., Luo, Q., Li, H., Yang, Y.: Cloud-based lightweight RFID mutual authentication protocol. In: 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC), pp. 333–338. IEEE (2017)
Fan, K., Luo, Q., Zhang, K., Yang, Y.: Cloud-based lightweight secure RFID mutual authentication protocol in IoT. Inf. Sci. 527, 329–340 (2020)
Kang, J., Fan, K., Zhang, K., Cheng, X., Li, H., Yang, Y.: An ultra light weight and secure RFID batch authentication scheme for IoMT. Comput. Commun. 167, 48–54 (2021)
Das, A.K., Goswami, A.: A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3), 1–16 (2013). https://doi.org/10.1007/s10916-013-9948-1
Lee, C.C., Chen, C.T., Li, C.T., Wu, P.H.: A practical RFID authentication mechanism for digital television. Telecommun. Syst. 57(3), 239–246 (2014). https://doi.org/10.1007/s11235-013-9844-5
Li, C., Lee, C., Weng, C., Fan, C.: A RFID-based macro-payment scheme with security and authentication for retailing services. ICIC Express Lett. 6(12), 3163–3170 (2012)
Liu, Y., Ezerman, M., Wang, H.: Double verification protocol via secret sharing for low-cost RFID tags. Futur. Gener. Comput. Syst. 90, 118–128 (2019)
Agrahari, A.K., Varma, S.: A provably secure RFID authentication protocol based on ECQV for the medical internet of things. Peer-to-Peer Netw. Appl. 14(3), 1277–1289 (2021). https://doi.org/10.1007/s12083-020-01069-z
Clarke, E.M., Henzinger, T.A., Veith, H., Bloem, R. (Eds.): Handbook of Model Checking, vol. 10. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8
Clarke, E.M.: Model checking. In: Ramesh, S., Sivakumar, G. (eds.) FSTTCS 1997. LNCS, vol. 1346, pp. 54–56. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0058022
Baier, C., Katoen, J.P.: Principles of Model Checking. MIT Press, Cambridge (2008)
Sihan, Q.: Formal analysis of authentication protocols. J. Softw. 7, 107–114 (1996)
Woo-Sik, B.: Formal verification of an RFID authentication protocol based on hash function and secret code. Wireless Pers. Commun. 79(4), 2595–2609 (2014). https://doi.org/10.1007/s11277-014-1745-8
Sohrabi-Bonab, Z., Alagheband, M.R., Aref, M.R.: Formal cryptanalysis of a CRC-based RFID authentication protocol. In: 2014 22nd Iranian Conference on Electrical Engineering (ICEE), pp. 1642–1647 (2014)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_5
Abadi, M., Tuttle, M.R.: A logic of authentication. In: ACM Transactions on Computer Systems, vol. 8, pp. 18–36. Citeseer (1990)
Chen, Y., Wu, H.: Domain semantics of possibility computations. Inf. Sci. 178(12), 2661–2679 (2008)
De Cooman, G., Ruan, D., Kerre, E.: Foundations and applications of possibility theory. Advances in Fuzzy Systems Applications and Theory, vol. 8 (World Scientific 1995) (1995)
Liang, W., Xie, S., Long, J., Li, K.C., Zhang, D., Li, K.: A double PUF-based RFID identity authentication protocol in service-centric internet of things environments. Inf. Sci. 503, 129–147 (2019)
Li, T., Liu, Y.: A double PUF-based RFID authentication protocol. J. Comput. Res. Dev. 58(8), 1801 (2021)
Ha, J.H., Moon, S.J., Zhou, J., Ha, J.C.: A new formal proof model for RFID location privacy. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 267–281. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_18
Basin, D., Cremers, C., Meadows, C.: Model checking security protocols. In: Handbook of Model Checking, pp. 727–762. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_22
Boyd, C., Mao, W.: On a limitation of BAN logic. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 240–247. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_20
Mao, W., Boyd, C.: Towards formal analysis of security protocols. In: Proceedings Computer Security Foundations Workshop VI, pp. 147–158. IEEE (1993)
Blum, A.: A logic of belief. Notre Dame J. Form. Log. 17(3), 344–348 (1976)
Gong, L., Needham, R.M., Yahalom, R.: Reasoning about belief in cryptographic protocols. In: IEEE Symposium on Security and Privacy, vol. 1990, pp. 234–248. Citeseer (1990)
Knuth, D.E.: Backus normal form vs. backus naur form. Commun. ACM 7(12), 735–736 (1964)
Hawthorne, J., Makinson, D.: The quantitative/qualitative watershed for rules of uncertain inference. Stud. Logica. 86(2), 247–297 (2007). https://doi.org/10.1007/s11225-007-9061-x
Acknowledgement
This work is supported by the East China Normal University - Huawei Trustworthiness Innovation Center and the Shanghai Trusted Industry Internet Software Collaborative Innovation Center.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Li, K., Wu, H., Xu, J., Chen, Y. (2022). Quantitative BAN Logic Based on Belief Degree. In: Chen, Y., Zhang, S. (eds) Artificial Intelligence Logic and Applications. AILA 2022. Communications in Computer and Information Science, vol 1657. Springer, Singapore. https://doi.org/10.1007/978-981-19-7510-3_2
Download citation
DOI: https://doi.org/10.1007/978-981-19-7510-3_2
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-7509-7
Online ISBN: 978-981-19-7510-3
eBook Packages: Computer ScienceComputer Science (R0)