Knowledge structure approach to verification of authentication protocols

Science in China Series F: Information Sciences

Abstract

The standard Kripke semantics of epistemic logics has been applied successfully to reasoning about communication protocols under the assumption that the network is not hostile. This paper introduces a natural form of Kripke semantics called knowledge structure and uses it to analyze communication protocols over hostile networks, with a focus on authentication protocols. Compared with BAN-like logics, the method is automatically implementable because it operates on the actual definitions of the protocols, not on some difficult-to-establish justifications of them. Moreover, a corresponding tool called SPV (Security Protocol Verifier) has been developed. Another salient point of this approach is that it is justification-oriented rather than falsification-oriented (i.e. aimed at finding bugs in protocols).

Author information

Corresponding author

Correspondence to Chen Qingliang.

About this article

Cite this article

Su, K., Lü, G. & Chen, Q. Knowledge structure approach to verification of authentication protocols. Sci China Ser F 48, 513–532 (2005). https://doi.org/10.1360/122004-78

  • DOI: https://doi.org/10.1360/122004-78
