Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR

Lowe, Gavin

doi:10.1007/3-540-61042-1_43

Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR

Regular Sessions Session 4: Security

Gavin Lowe¹

Conference paper
First Online: 02 June 2005

2880 Accesses
410 Citations

Part of the Lecture Notes in Computer Science book series (LNCS,volume 1055)

Abstract

In this paper we analyse the well known Needham-Schroeder Public-Key Protocol using FDR, a refinement checker for CSP. We use FDR to discover an attack upon the protocol, which allows an intruder to impersonate another agent. We adapt the protocol, and then use FDR to show that the new protocol is secure, at least for a small system. Finally we prove a result which tells us that if this small system is secure, then so is a system of arbitrary size.

Keywords

Small System
Security Protocol
Arbitrary Size
Cipher Block Chain
Honest Agent

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Download conference paper PDF

References

Colin Boyd. Hidden assumptions in cryptographic protocols. Proceedings of the IEE, 137, Part E(6):433–436, November 1990.
Google Scholar
Michael Burrows, Martín Abadi, and Roger Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233–271, 1989. A preliminary version appeared as Digital Equipment Corporation Systems Research Center report No. 39, 1989.
Google Scholar
Dorothy E. Denning and Giovanni Maria Sacco. Timestamps in key distribution protocols. Communications of the ACM, 24(8):533–536, 1981.
Google Scholar
W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22:644–654, 1976.
Google Scholar
Formal Systems (Europe) Ltd. Failures Divergence Refinement—User Manual and Tutorial, 1993. Version 1.3.
Google Scholar
C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall, 1985.
Google Scholar
Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters, 56:131–133, 1995.
Google Scholar
Roger Needham and Michael Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.
Google Scholar
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, February 1978.
Google Scholar
A. W. Roscoe. Developing and verifying protocols in CSP. In Proceedings of Mierlo workshop on protocols. TU Eindhoven, 1993.
Google Scholar
A. W. Roscoe. Model-checking CSP. In A Classical Mind, Essays in Honour of C. A. R. Hoare. Prentice-Hall, 1994.
Google Scholar
A. W. Roscoe and Helen MacCarthy. Verifying a replicated database: A case study in model-checking CSP. Submitted for publication.
Google Scholar
Steve Schneider. Security properties and CSP. In preparation, 1995.
Google Scholar
Bruce Schneier. Applied Cryptography. Wiley, 1994.
Google Scholar

Download references

Author information

Authors and Affiliations

Oxford University Computing Laboratory, Wolfson Building, Parks Road, OX1 3QD, Oxford, UK
Gavin Lowe

Authors

Gavin Lowe
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Lowe, G. (1996). Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 1996. Lecture Notes in Computer Science, vol 1055. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61042-1_43

Download citation

DOI: https://doi.org/10.1007/3-540-61042-1_43
Published: 02 June 2005
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61042-7
Online ISBN: 978-3-540-49874-2
eBook Packages: Springer Book Archive