
Programming Cryptographic Protocols

  • Conference paper
Trustworthy Global Computing (TGC 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3705)


Abstract

Cryptographic protocols are useful for trust engineering in distributed transactions. Transactions require specific degrees of confidentiality and agreement between the principals engaging in them. Moreover, trust management assertions may be attached to protocol actions, constraining the behavior of a principal to be compatible with its own trust policy. We embody these ideas in a cryptographic protocol programming language cppl at the Dolev-Yao level of abstraction. A strand space semantics for cppl shaped our compiler development, and allows a protocol designer to prove that a protocol is sound.

Supported by the MITRE-Sponsored Research program. Authors’ addresses: guttman, jherzog, ramsdell, bsniffen@mitre.org.

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11580850_20.




© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Guttman, J.D., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T. (2005). Programming Cryptographic Protocols. In: De Nicola, R., Sangiorgi, D. (eds) Trustworthy Global Computing. TGC 2005. Lecture Notes in Computer Science, vol 3705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11580850_8


  • DOI: https://doi.org/10.1007/11580850_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30007-6

  • Online ISBN: 978-3-540-31483-7

  • eBook Packages: Computer Science, Computer Science (R0)
