Analyzing the Needham-Schroeder public key protocol: A comparison of two approaches

  • Catherine A. Meadows
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1146)


In this paper we contrast the use of the NRL Protocol Analyzer and Gavin Lowe's use of the model checker FDR [8] to analyze the Needham-Schroeder public key protocol. This is used as a basis for comparing and contrasting the two systems and to point out possible future directions for research.


Keywords (added by machine and not by the authors): Model Checker; Protocol Analyzer; Initiator Process; Cryptographic Protocol; Finite State Space




References

  1. Michael Burrows, Martín Abadi, and Roger Needham. A Logic of Authentication. ACM Transactions in Computer Systems, 8(1):18–36, February 1990.
  2. Formal Systems (Europe) Ltd. Failures Divergence Refinement Users Manual and Tutorial, Version 1.4, January 1994.
  3. Dieter Gollmann. What do We Mean by Entity Authentication? In Proceedings of the 1996 IEEE Computer Society Symposium on Security and Privacy, pages 55–61. IEEE Computer Society Press, Los Alamitos, California, 1996.
  4. C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall, 1985.
  5. Richard Kemmerer, Catherine Meadows, and Jonathan Millen. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, 7(2), 1994.
  6. D. Longley and S. Rigby. An Automatic Search for Security Flaws in Key Management Schemes. Computers and Security, 11(1):75–90, 1992.
  7. Gavin Lowe. An attack on the Needham-Schroeder public key protocol. Information Processing Letters, 56:131–133, 1995.
  8. Gavin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR. In Proceedings of TACAS, Springer Verlag, 1996.
  9. Gavin Lowe. Personal communication, Feb. 1996.
  10. Catherine Meadows. The NRL Protocol Analyzer: An overview. Journal of Logic Programming, 26(2):113–131, February 1996.
  11. J. K. Millen, S. C. Clark, and S. B. Freedman. The Interrogator: Protocol Security Analysis. IEEE Transactions on Software Engineering, SE-13(2), 1987.
  12. R. M. Needham and M. D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12):993–999, December 1978.
  13. Einar Snekkenes. Formal Specification and Analysis of Cryptographic Protocols, PhD thesis, University of Oslo, May 1995.

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Catherine A. Meadows (1)
  1. Naval Research Laboratory, Code 5543, Center for High Assurance Computer Systems, Washington DC
