A calculus for secure channel establishment in open networks
This paper presents a calculus of channel security properties which allows to analyze and compare protocols for establishing secure channels in an insecure open network at a high level of abstraction. A channel is characterized by its direction, time of availability and its security properties. Cryptographic primitives and trust relations are interpreted as transformations for channel security properties, and cryptographic protocols can be viewed as combinations of such transformations. A protocol thus allows to transform a set of secure channels established during an initial setup phase, together with a set of insecure channels available during operation of the system, into the set of secure channels specified by the security requirements. The necessary and sufficient requirements for establishing a secure channel between two entities are characterized in terms of secure channels to be made available during the initial setup phase and in terms of trust relations between users and/or between users and trusted authorities.
KeywordsNetwork security Key management Cryptography Security transformations Formal models
Unable to display preview. Download preview PDF.
- 1.A. Birell, B. Lampson, R. Needham and M. Schroeder, A global authentication service without global trust, Proc. IEEE Symposium on Research in Security and Privacy, 1986, pp. 223–230.Google Scholar
- 4.M. Gasser, A. Goldstein, C. Kaufman and B. Lampson, The Digital distributed system security architecture, Proc. 12th National Computer Security Conference, NIST/NCSC, Baltimore, 1989, pp. 305–319.Google Scholar
- 6.V.D. Gligor, S.-W. Luan and J.N. Pato, On inter-realm authentication in large distributed systems, Proc. IEEE Conference on security and privacy, 1992, pp. 2–17.Google Scholar
- 7.B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in distributed systems: theory and practice, Proc. 13th ACM Symp. on Operating Systems Principles, 1991, pp. 165–182.Google Scholar
- 8.J. Linn, Privacy enhancement for internet electronic mail: Part I, Message encipherment and authentication procedures, Internet RFC 1421, Feb. 1993.Google Scholar
- 9.R. Molva, G. Tsudik, E. Van Herreweghen and S. Zatti, “KryptoKnight Authentication and Key Distribution System”, Proc. 1992 European Symposium on Research in Computer Security (ESORICS 92), Toulouse (Nov. 92).Google Scholar
- 13.J.G. Steiner, C. Neuman and J.I. Schiller, Kerberos: An authentication service for open network systems, Proceedings of Winter USENIX 1988, Dallas, Texas.Google Scholar
- 14.P. Syverson and C. Meadows, A logical language for specifying cryptographic protocols requirements, Proc. IEEE Conf. on Research in Security and Privacy, 1993, pp. 165–180.Google Scholar
- 15.J.J. Tardo and K. Alagappan, SPX: Global authentication using public key certificates, Proc. IEEE Conf. on Research in Security and Privacy, 1991, pp. 232–244.Google Scholar
- 17.R. Yahalom, B. Klein and T. Beth, Trust relationships in secure systems — a distributed autentication perspective, Proc. IEEE Conf. on Research in Security and Privacy, 1993, pp. 150–164.Google Scholar
- 18.P. Zimmermann, PGP User's Guide, Dec. 1992, available on the Internet.Google Scholar
- 19.ISO/IEC International Standard 9594-8, Information technology — open systems interconnection — the directory, Part 8: Authentication framework, 1990.Google Scholar