Advertisement

Authentication Revisited: Flaw or Not, the Recursive Authentication Protocol

  • Guoqiang Li
  • Mizuhito Ogawa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5311)

Abstract

Authentication and secrecy have been widely investigated in security protocols. They are closely related to each other and variants of definitions have been proposed, which focus on the concepts of corresponding assertion and key distribution. This paper proposes an on-the-fly model checking method based on the pushdown system to verify the authentication of recursive protocols with an unbounded number of principals. By experiments of the Maude implementation, we find the recursive authentication protocol, which was verified in the sense of (weak) key distribution, has a flaw in the sense of correspondence assertion.

Keywords

Authentication Protocol Security Protocol Recursive Process Unbounded Number Authentication Property 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Woo, T.Y., Lam, S.S.: A Semantic Model for Authentication Protocols. In: Proceedings of the S&P 1993, pp. 178–194. IEEE Computer Society Press, Los Alamitos (1993)Google Scholar
  2. 2.
    Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols: The Spi Calculus. In: Proceedings of the CCS 1997, pp. 36–47. ACM Press, New York (1997)Google Scholar
  3. 3.
    Boreale, M.: Symbolic Trace Analysis of Cryptographic Protocols. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 667–681. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Bella, G.: Inductive Verification of Cryptographic Protocols. PhD thesis, University of Cambridge (2000)Google Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: Proceedings of the STOC 1995, pp. 57–66. ACM Press, New York (1995)Google Scholar
  6. 6.
    Paulson, L.C.: Mechanized Proofs for a Recursive Authentication Protocol. In: Proceedings of the CSFW 1997, pp. 84–95. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  7. 7.
    Li, G., Ogawa, M.: On-the-Fly Model Checking of Security Protocols and Its Implementation by Maude. IPSJ Transactions on Programming 48, 50–75 (2007)Google Scholar
  8. 8.
    Li, G., Ogawa, M.: On-the-Fly Model Checking of Fair Non-repudiation Protocols. In: Namjoshi, K.S., Yoneda, T., Higashino, T., Okamura, Y. (eds.) ATVA 2007. LNCS, vol. 4762, pp. 511–522. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Li, G.: On-the-Fly Model Checking of Security Protocols. PhD thesis, Japan Advanced Institute of Science and Technology (2008)Google Scholar
  10. 10.
    Li, G., Ogawa, M.: Authentication Revisited: Flaw or Not, the Recursive Authentication Protocol. Technical Report IS-RR-2008-002, Japan Advanced Institute of Science and Technology (2008)Google Scholar
  11. 11.
    Sangiorgi, D., Walker, D.: The Pi-Calculus: A Theory of Mobile Processes. Cambridge University Press, Cambridge (2003)zbMATHGoogle Scholar
  12. 12.
    Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-key Using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  13. 13.
    Bull, J.A., Otway, D.J.: The Authentication Protocol. Technical report, Defence Research Agency, UK (1997)Google Scholar
  14. 14.
    Clavel, M., Durán, F., Eker, S., Lincolnand, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: Maude Manual (Version 2.2) (2005)Google Scholar
  15. 15.
    Lowe, G.: A Hierarchy of Authentication Specifications. In: Proceedings of the CSFW 1997, pp. 31–43. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  16. 16.
    Bryans, J., Schneider, S.: CSP, PVS and a Recursive Authentication Protocol. In: Proceedings of the DIMACS FVSP 1997 (1997)Google Scholar
  17. 17.
    Basin, D.A., Mödersheim, S., Viganò, L.: OFMC: A Symbolic Model Checker for Security Protocols. International Journal of Information Security 4(3), 181–208 (2005)CrossRefGoogle Scholar
  18. 18.
    Küsters, R., Wilke, T.: Automata-based Analysis of Recursive Cryptographic Protocols. In: Diekert, V., Habib, M. (eds.) STACS 2004. LNCS, vol. 2996, pp. 382–393. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Truderung, T.: Selecting Theories and Recursive Protocols. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 217–232. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Ryan, P., Schneider, S.: An Attack on a Recursive Authentication Protocol: A Cautionary Tale. Information Processing Letters 65, 7–10 (1998)CrossRefzbMATHGoogle Scholar
  21. 21.
    Küsters, R., Truderung, T.: On the Automatic Analysis of Recursive Security Protocols with XOR. In: Thomas, W., Weil, P. (eds.) STACS 2007. LNCS, vol. 4393, pp. 646–657. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Guoqiang Li
    • 1
  • Mizuhito Ogawa
    • 2
  1. 1.NCES, Graduate School of Information ScienceNagoya UniversityJapan
  2. 2.Japan Advanced Institute of Science and TechnologyJapan

Personalised recommendations