Abstract
Questions of belief are essential in analysing protocols for the authentication of principals in distributed computing systems. In this paper we motivate, set out, and exemplify a logic specifically designed for this analysis: we show how various protocols differ subtly with respect to the required initial assumptions of the participants and their final beliefs. Our formalism has enabled us to isolate and express these differences with a precision that was not previously possible. It has drawn attention to features of protocols of which we and their authors were previously unaware, and allowed us to suggest improvements to the protocols. The reasoning about some protocols has been mechanically verified. This paper starts with an informal account of the problem, goes on to explain the formalism to be used, and gives examples of its application to protocols from the literature, both with shared-key cryptography and with public-key cryptography. Some of the examples are chosen because of their practical importance, whereas others serve to illustrate subtle points of the logic and to explain how we use it. We discuss extensions of the logic motivated by actual practice; for example, to account for the use of hash functions in signatures. The final sections contain a formal semantics of the logic and some conclusions.
Reference15 articles.
1. Burrows M. Abadi M. & Needham. R. M. 1 9 8 8 Authentication : a practical study in belief and action. Proc. 2ndConf. 325-342.
2. Theor.Aspects
3. Bauer R. K. Berson T. A. & Feiertag R. J. 1 9 8 3 A key distribution protocol using event markers. ACMTrans. Computer Syst. 1 249-255.
4. CCITT 1 9 8 7 Draft recommendation X.509. The directory-authentication framework version 7. Gloucester.
5. DeMillo R. A. Lynch N. A. & Merritt M. J. 1 9 8 2 Cryptographic protocols. Proc. 14th ACM Symp. Theory of Computing pp. 383-400.
Cited by
444 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献