Skip to main content
SpringerLink
Log in

SG logic — a formal analysis technique for authentication protocols

  • Conference paper
  • First Online:
Security Protocols (Security Protocols 1997)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1361))

Included in the following conference series:

Abstract

The security of electronic communication relies to a great extent on the security of authentication protocols used to distribute cryptographic keys. Hence formal techniques are needed which help to analyse the security of these protocols. In this paper we introduce a formal method which allows to detect the possibility of certain replay and interleaving attacks. By using our method we are able to show the weakness of the Neuman-Stubblebine protocol and to detect inaccuracies in some authentication protocols standardized in ISO. These inaccuracies may cause the protocol to allow interleaving attacks in certain environments, a fact which seems to be unrecognized so far.

Funded by Deutsche Telekom AG, Darmstadt

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Tuttle, MR.: A Semantics for a Logic of Authentication. Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing, Montreal, Canada, August 1991, pp. 201–216.

    Google Scholar 

  2. Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. Report 39 Digital Systems Research Center, Palo Alto, California, 1989.

    Google Scholar 

  3. Carlsen, U.: Using Logics to Detect Implementation-Dependent Flaws. Ninth Annual Computer Security Applications Conference, De. 6-10, 1993, Orlando, Florida, pp. 64–73.

    Google Scholar 

  4. CCITT Recommandation X.509-ISO/IEC 9594/8 (1987)

    Google Scholar 

  5. Denning, D.E., Sacco, G.M.: Timestamps in Key Distribution Protocols. CALM Vol. 24, No. 8, August 1982, pp. 533–536.

    Google Scholar 

  6. ElGamal, T.,: A Public Key Cryptosystem and a Signature Scheme based on Discrete Logarithms, IEEE Transactions on Information Theory, Vol.31, NrA, July 1985, S.469–472

    Google Scholar 

  7. Gaarder, K., Snekkenes, E.: Applying a Formal Analysis Technique to the CCITT X.509 Strong Two-Way Authentication Protocol. J. Cryptology, Vol. 3, No. 2 (1991) 81–98.

    Article  MathSciNet  Google Scholar 

  8. Gong, L., Needham, R., Yahalom, R.: Reasoning about Belief in Cryptographic Protocols. Proc. 1990 IEEE Symp. on Security and Privacy (Oakland, California), pp. 234–248.

    Google Scholar 

  9. Güergens, S.: A Formal Analysis Technique for Authentication Protocols. Proceedings of Pragocrypt 1996.

    Google Scholar 

  10. ISO/IEC 7816-4: 1995(E) “Information technology-Identification cards-Integrated circuit(s) cards with contacts-Part 4: Inter-industry commands for interchange”

    Google Scholar 

  11. WD 7816-8: 1995(E) “Information technology-Identification cards-Integrated circuit(s) cards with contacts-Part 8: Security related interindustry commandsx”

    Google Scholar 

  12. ISO/IEC 9798-2: 1994(E) “Information technology-Security techniques-Entity authentication-Part 2: Mechanisms using encipherment algorithms”

    Google Scholar 

  13. Mathuria, A., Safavi-Naini, R, Nickolas, P.: Some Remarks on the Logic of Gong, Needham and Yahalom. Proceedings of the International Computer Symposium 1994, Dec. 12-15, NCTU, Hsinchu, Taiwan, R.O.C, Vol.1, pp. 303–308

    Google Scholar 

  14. Needham, R. M., Schroeder, M. D.: Authentication Revisited. Operating Systems Review, Vol. 21, No. 12, December 1978, pp. 993–999.

    Google Scholar 

  15. Neuman, B.C., Stubblebine, S.G.: A note on the use of timestamps as Nonces. Operating Systems Rev. 27 (2), 1993, pp. 10–14.

    Article  Google Scholar 

  16. Rivest, R. L., Shamir, A., Adleman, L. A.: A method for obtaining digital signatures and public-key cryptosystems; Communications of the ACM, Vol.21, Nr.2, 1978, 5.120-126.

    Google Scholar 

  17. Syverson, P.: On Key Distribution Protocols for Repeated Authentication; Operating Systems Review, vol. 27, no. 4, October 1993, pp. 24–30.

    Article  Google Scholar 

  18. Van Oorschot, P.C.: Extending Cryptographic Logics of Belief to Key Agreement Protocols. 1st ACM Conference on Computer and Communications Security, Nov. 3-5 1993, Fairfax, Virginia, pp. 232–243.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. GMD - German National Research Center for Information Technology, Rheinstrasse 75, D-64295, Darmstadt, Germany

    Sigrid Gürgens

Authors
  1. Sigrid Gürgens
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Bruce Christianson Bruno Crispo Mark Lomas Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gürgens, S. (1998). SG logic — a formal analysis technique for authentication protocols. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds) Security Protocols. Security Protocols 1997. Lecture Notes in Computer Science, vol 1361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028167

Download citation

  • DOI: https://doi.org/10.1007/BFb0028167

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64040-0

  • Online ISBN: 978-3-540-69688-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation