Abstract
The standard Kripke semantics of epistemic logics has been applied successfully to reasoning about communication protocols under the assumption that the network is not hostile. This paper introduces a natural variant of Kripke semantics called knowledge structure and uses it to analyze communication protocols over hostile networks, especially authentication protocols. Compared with BAN-like logics, the method is automatically implementable because it operates on the actual definitions of the protocols, not on difficult-to-establish justifications of them. A corresponding tool, SPV (Security Protocol Verifier), has been developed. Another salient point of this approach is that it is justification-oriented rather than falsification-oriented, where falsification-oriented means finding bugs in protocols.
Su, K., Lü, G. & Chen, Q. Knowledge structure approach to verification of authentication protocols. Sci China Ser F 48, 513–532 (2005). https://doi.org/10.1360/122004-78