Mechanising a Protocol for Smart Cards
Paulson’s Inductive Approach for verifying traditional cryptographic protocols is tailored to those where agents make use of smart cards. An intruder can actively exploit other agents’ cards, which can be stolen or cloned. The approach is demonstrated on the Shoup-Rubin protocol, which is modelled and verified thoroughly. The protocol achieves strong goals of confidentiality, authentication and key distribution. However, our proofs highlight that a few messages require additional explicitness in order to guarantee those goals to the peers when the cards’ data buses are unreliable.
Keywords: smart card protocols, Inductive Approach, confidentiality, authentication, key distribution