Compositional Analysis of Authentication Protocols

  • Michele Bugliesi
  • Riccardo Focardi
  • Matteo Maffei
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2986)


We propose a new method for the static analysis of entity authentication protocols. We develop our approach based on a dialect of the spi-calculus as the underlying formalism for expressing protocol narrations. Our analysis validates the honest protocol participants against static (hence decidable) conditions that provide formal guarantees of entity authentication. The main result is that the validation of each component is provably sound and fully compositional: if all the protocol participants are successfully validated, then the protocol as a whole guarantees entity authentication in the presence of Dolev-Yao intruders.


Authentication Protocol Security Protocol Cryptographic Protocol Encrypt Message Entity Authentication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Blanchet, B.: Secrecy types for asymmetric communication. Theor. Comput. Sci. 298(3), 387–415 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148(1), 1–70 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering 22(1), 6–15 (1996)CrossRefGoogle Scholar
  4. 4.
    Blanchet, B., Podelski, A.: Verification of cryptographic protocols: Tagging enforces termination. In: Proceedings of Foundations of Software Science and Computation Structures, pp. 136–152 (2003)Google Scholar
  5. 5.
    Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Riis Nielson, H.: Automatic validation of protocol narration. In: Proceedings of 16th IEEE Computer Security FoundationsWorkshop (CSFW 16), June 2003, pp. 126–140 (2003)Google Scholar
  6. 6.
    Boreale, M.: Symbolic trace analysis of cryptographic protocols. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 667–681. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Boreale, M., De Nicola, R., Pugliese, R.: Proof techniques for cryptographic processes. In: Logic in Computer Science, pp. 157–166 (1999)Google Scholar
  8. 8.
    Bugliesi, M., Focardi, R., Maffei, M.: Principles for entity authentication. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 294–306. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. Proceedings of the Royal Society of London 426(1871), 233–271 (1871)MathSciNetGoogle Scholar
  10. 10.
    Clark, J., Jacob, J.: A survey of authentication protocol literature: Version 1.0 (November 1997),
  11. 11.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Durgin, N., Mitchell, J., Pavlovic, D.: A compositional logic for proving security properties of protocols. Journal of Computer Security 11 (2003)Google Scholar
  13. 13.
    Focardi, R., Gorrieri, R., Martinelli, F.: Non interference for the analysis of cryptographic protocols. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 354–372. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Gollmann, D.: What do we mean by Entity Authentication. In: Proceedings of the 1996 Symposium on Security and Privacy, pp. 46–54. IEEE Computer Society Press, Los Alamitos (1996)CrossRefGoogle Scholar
  15. 15.
    Gong, L., Needham, R., Yahalom, R.: Reasoning About Belief in Cryptographic Protocols. In: Cooper, D., Lunt, T. (eds.) Proceedings 1990 IEEE Symposium on Research in Security and Privacy, pp. 234–248. IEEE Computer Society, Los Alamitos (1990)CrossRefGoogle Scholar
  16. 16.
    Gordon, A., Jeffrey, A.: Authenticity by typing for security protocols. In: 14th IEEE Computer Security FoundationsWorkshop (CSFW-14), June 2001, pp. 145–159 (2001)Google Scholar
  17. 17.
    Gordon, A., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. In: 15th IEEE Computer Security Foundations Workshop—CSFW 2001, June 24-26, pp. 77–91. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  18. 18.
    Guttman, J.: Security protocol design via authentication tests. In: 15th IEEE Computer Security Foundations Workshop—CSFW 2001, Cape Breton, Canada, June 24-26, pp. 92–103. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  19. 19.
    Guttman, J.D., Javier Thayer, F.: Authentication tests and the structure of bundles. Theoretical Computer Science 283(2), 333–380 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. In: 13th IEEE Computer Security Foundations Workshop — CSFW 2000, Cambridge, UK, July 3-5, pp. 255–268. IEEE Computer Society Press, Los Alamitos (2000)CrossRefGoogle Scholar
  21. 21.
    ISO/IEC. Entity Authentication Using Symmetric Techniques. Report ISO/IEC JTC1.27.02.2 ( (June 1990)Google Scholar
  22. 22.
    Lowe, G.: A Hierarchy of Authentication Specification. In: Proceedings of the 10th Computer Security Foundation Workshop, pp. 31–44. IEEE Press, Los Alamitos (1997)CrossRefGoogle Scholar
  23. 23.
    Meadows, C., Syverson, P.: Formal specification and analysis of the group domain of intrepretation protocol using npatrl and the nrl protocol analyzer (2003), To appear in Journal of Computer SecurityGoogle Scholar
  24. 24.
    Mitchell, J.C., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using murφ. In: Proceedings of the 1997 IEEE Symposium on Research in Security and Privacy, pp. 141–153. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  25. 25.
    Needham, R.M., Schroeder, M.D.: Authentication revisited. ACM SIGOPS Operating Systems Review 21(1), 7 (1987)CrossRefGoogle Scholar
  26. 26.
    Paulson, L.C.: Relations between secrets: Two formal analyses of the yahalom protocol. Journal of Computer Security 9(3), 197–216 (2001)MathSciNetGoogle Scholar
  27. 27.
    Thayer, J., Herzog, J., Guttman, J.: Strand spaces: Proving security protocols correct. Journal of Computer Security, 15 (1999)Google Scholar
  28. 28.
    Woo, T.Y.C., Lam, S.S.: Authentication for distributed systems. IEEE Computer 25(3), 39–51 (1992)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Michele Bugliesi
    • 1
  • Riccardo Focardi
    • 1
  • Matteo Maffei
    • 1
  1. 1.Dipartimento di InformaticaUniversità Ca’ Foscari di VeneziaMestre (Ve)Italy

Personalised recommendations