Abstract
In the quest for open systems, standardization of security mechanisms, framework, and protocols are becoming increasingly important. This puts high demands on the correctness of the standards. In this paper we use a formal logic-based approach to protocol analysis introduced by Burrows et al. [1]. We extend this logic to deal with protocols using public key cryptography, and with the notion of “duration” to capture some time-related aspects. The extended logic is used to analyse an important CCITT standard, the X.509 Authentication Framework. We conclude that protocol analysis can benefit from the use of the notation and that it highlights important aspects of the protocol analysed. Some aspects of the formalism need further study.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
M. Burrows, M. Abadi, and R. Needham. Authentication: A Practical Study in Belief and Action. Technical Report 138, University of Cambridge Computer Laboratory, 1988.
M. Burrows, M. Abadi, and R. Needham. A Logic of Authentication. Technical Report 39, Digital Systems Research Center, 1989.
M. Burrows, M. Abadi, and R. Needham. A logic of authentication. ACM Transactions on Computer Systems, 8(1): 18–36, February 1990.
CCITT. CCITT Blue Book, Recommendation X.509 and ISO 9594-8, Information Processing Systems—Open Systems Interconnection—The Directory—Authentication Framework. Geneva, March 1988.
D. Coppersmith. Analysis of ISO/CCITT Document X.509 Annex D. IBM Thomas J. Watson Research Center, Yorktown Heights, June 1989.
D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols. Communications of the ACM, 24(28): 533–536, 1981.
W. Diffie and M. E. Helleman. New Directions in cryptography. IEEE Transactions on Information Theory, 22(6), 1976.
U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. Journal of Cryptology, 1(2): 77–94, 1988.
S. Goldwasser, S. Micali, and C. Rackoff. Knowledge complexity of interactive proof systems. SIAM Journal of Computing, 18(1): 186–208, 1989.
C. A. R. Hoare. An axiomatic basis for computer programming. Communications of the ACM, 12(10): 576–580, 1969.
C. l'Anson and C. Mitchell. Security defects in CCITT recomendation X.509—the directory authentication framework. Computer Communication Review, 20(2): 30–34, April 1990.
C. Meadows. Using narrowing in the analysis of key management protocols. In IEEE Computer Society Symposium on Security and Privacy, p. 138–147, 1989.
D. M. Nessett. A critique of the Burrows, Abadi and Needham logic. Operating System Review, 24(2), April 1990.
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key crypto systems. Communications of the ACM, 21(2): 120–126, 1978.
Author information
Authors and Affiliations
Additional information
This research was sponsored by the Royal Norwegian Council for Scientific and Industrial Research under Grant IT 0333.22222, and was performed while K. Gaarder was at Alcatel STK Research Centre.
Rights and permissions
About this article
Cite this article
Gaarder, K., Snekkenes, E. Applying a formal analysis technique to the CCITT X.509 strong two-way authentication protocol. J. Cryptology 3, 81–98 (1991). https://doi.org/10.1007/BF00196790
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/BF00196790