Abstract
Boyd and Mao (“On a Limitation of BAN Logic”, in these proceedings) suggest that it is easy to use the authentication logic of Burrows, Abadi and Needham to approve protocols that are in practice unsound, and present two examples. We illustrate that the problem in the first example can be traced to a violation of pre-conditions in the BAN analysis (involving ill-founded trust in a trusted server), while in the second the idealization is simply incorrect. For the latter, a general guideline is proposed to avoid similar problems in the future.
Chapter PDF
5 References
M. Abadi, M. Tuttle. “A semantics for a logic of authentication”. Proc. 1991 ACM Symp. on Principles of Distributed Computing, 201–216.
C. Boyd, W. Mao, “On a Limitation of BAN Logic”, presented at Eurocrypt93’, Lofthus, Norway, 1993 May 24–26 (to appear in these proceedings).
M. Burrows, M. Abadi, R. Needham, “A logic of authentication”, ACM Trans. Computer Systems 8 (Feb. 1990), 18–36. A more detailed version is available in: M. Burrows, M. Abadi and R. Needham, “A logic of authentication”, Digital Systems Research Centre SRC Report #39 (1990 Feb. 22), 62 pages.
K. Gaarder, E. Snekkenes, “Applying a formal analysis technique to CCITT X.509 strong two-way authentication protocol”, J. Cryptology 3 (Jan. 1991), 81–98.
V. Gligor, R. Kailar, S. Stubblebine, L. Gong. “Logics for cryptographic protocols — virtues and limitations”. Proc. IEEE 1991 Computer Security Foundations Workshop (Franconia, New Hampshire).
L. Gong, R. Needham, R. Yahalom. “Reasoning about belief in cryptographic protocols”. Proc. 1990 IEEE Symp. on Security and Privacy (Oakland, CA), 234–248.
D.M. Nessett “A critique of the Burrows, Abadi and Needham logic”. Operating Systems Review 24 (1990), 35–38.
P. Van Oorschot. “Extending cryptographic logics of belief to key agreement protocols”. Proc. 1 st ACM Conference on Communications and Computer Security (Fairfax, Virginia, Nov. 3–5 1993).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
van Oorschot, P.C. (1994). An Alternate Explanation of two BAN-logic “failures”. In: Helleseth, T. (eds) Advances in Cryptology — EUROCRYPT ’93. EUROCRYPT 1993. Lecture Notes in Computer Science, vol 765. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48285-7_39
Download citation
DOI: https://doi.org/10.1007/3-540-48285-7_39
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-57600-6
Online ISBN: 978-3-540-48285-7
eBook Packages: Springer Book Archive