Knowledge and Information Systems

Volume 7, Issue 1, pp 84–109

ENDL: A Logical Framework for Verifying Secure Transaction Protocols

Article

Abstract

This paper proposes a new logic for verifying secure transaction protocols. We have named this logic the ENDL (extension of non-monotonic dynamic logic). In this logic, timestamps and signed certificates are used for protecting against replays of old keys or the substitution of bogus keys. The logic is useful for verifying the authentication properties of secure protocols, and especially for protecting data integrity. To evaluate the logic, three practical instances of secure protocols are illustrated. This evaluation demonstrates that the ENDL is effective and promising.
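The abstract's replay-protection claim (timestamps plus signed certificates reject replayed old keys and substituted bogus keys) as an added receiver-side check; this is illustrative code, not the paper's ENDL logic or its authors' code. It assumes an HMAC over the certificate body stands in for the signature, a 60-second freshness window, and constructed sample certificates.

```python
import hmac
import hashlib
import json

FRESHNESS_WINDOW = 60  # seconds; an assumption, not a value from the paper


def _mac(signing_key: bytes, cert: dict) -> str:
    """Stand-in for a signature: HMAC-SHA256 over the canonical certificate body."""
    body = json.dumps(cert, sort_keys=True).encode()
    return hmac.new(signing_key, body, hashlib.sha256).hexdigest()


def make_certificate(signing_key: bytes, issuer: str, key: str, ts: int) -> dict:
    """Issuer side: bind a key to its issuer and a timestamp, then sign the binding."""
    cert = {"issuer": issuer, "key": key, "ts": ts}
    return {"cert": cert, "sig": _mac(signing_key, cert)}


class KeyVerifier:
    """Receiver side: accept a key only if its certificate is authentic, fresh
    and not already accepted. Each rejection names the attack class it blocks."""

    def __init__(self, signing_key: bytes, window: int = FRESHNESS_WINDOW):
        self.signing_key = signing_key
        self.window = window
        self.seen = set()  # (issuer, timestamp) pairs already accepted

    def verify(self, msg: dict, now: int) -> str:
        cert, sig = msg["cert"], msg["sig"]
        # 1. Integrity/authenticity: an altered or unsigned key fails here.
        if not hmac.compare_digest(_mac(self.signing_key, cert), sig):
            return "reject: bad signature (bogus or altered key)"
        # 2. Freshness: an old key replayed outside the window fails here.
        if abs(now - cert["ts"]) > self.window:
            return "reject: stale timestamp (replay of old key)"
        # 3. Uniqueness: a replay inside the window fails here.
        ident = (cert["issuer"], cert["ts"])
        if ident in self.seen:
            return "reject: duplicate (replay within window)"
        self.seen.add(ident)
        return "accept"


if __name__ == "__main__":
    verifier = KeyVerifier(b"constructed-shared-secret")
    fresh = make_certificate(b"constructed-shared-secret", "A", "pk-new", 1000)
    print(verifier.verify(fresh, 1010))  # accept
    print(verifier.verify(fresh, 1015))  # reject: duplicate
```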

Keywords

Security; Secure transaction protocol; Confidentiality; Electronic commerce; Integrity; Verification


Copyright information

© Springer-Verlag 2004

Authors and Affiliations

  1. Faculty of Information Technology, University of Technology, Sydney, Broadway, Australia