Evaluating and improving protocol analysis by automatic proof

Author

Brackin, Stephen H.

Author_Institution

Arca Syst. Inc., Ithaca, NY, USA

fYear

1998

fDate

9-11 Jun 1998

Firstpage

138

Lastpage

152

Abstract

The paper summarizes the results of Automatic Authentication Protocol Analyzer (AAPA) analyses of 52 protocols from A Survey of Authentication Protocol Literature: Version 1.0 by Clark and Jacob, a continually updated library of protocols analyzed in the protocol-failure literature. The AAPA found no problems in 27 that Clark and Jacob did not identify as having problems, but also found no problems in 16 that Clark and Jacob did identify as having problems, though the attacks on 8 of these would be prevented by type checks that the AAPA assumes are always made. It found problems in 6 that Clark and Jacob also identified as having problems, and found problems in 3 that Clark anal Jacob did not identify as having problems. The paper defines a semantics for the AAPA´s specification language, defines valid inference and protocol failure with respect to this semantics, identifies reasons for each of the AAPA´s “misses”, and sketches ongoing work that should correct all, or all except one, of these “misses”

Keywords

formal specification; message authentication; protocols; A Survey of Authentication Protocol Literature: Version 1.0; Automatic Authentication Protocol Analyzer; attacks; automatic proof; improved protocol analysis; inference; protocol analysis evaluation; protocol failure; protocol library; semantics; specification language; type checks; Authentication; Automatic logic units; Contracts; Failure analysis; Information analysis; Jacobian matrices; Laboratories; Libraries; Protocols; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Workshop, 1998. Proceedings. 11th IEEE

Conference_Location

Rockport, MA

ISSN

1063-6900

Print_ISBN

0-8186-8488-7

Type

conf

DOI

10.1109/CSFW.1998.683164

Filename

683164