
Showing papers by "Paul Syverson" published in 1993


Proceedings Article
24 May 1993
TL;DR: The authors examine two versions of a protocol that might meet those requirements and show how to specify them in the language of the NRL Protocol Analyzer and use the Analyzer to show that one version of the protocol meets those requirements.
Abstract: A formal language is presented for specifying and reasoning about cryptographic protocol requirements. Examples of simple sets of requirements in that language are given. The authors examine two versions of a protocol that might meet those requirements and show how to specify them in the language of the NRL Protocol Analyzer. They also show how to map one of the sets of formal requirements to the language of the NRL Protocol Analyzer and use the Analyzer to show that one version of the protocol meets those requirements. The Analyzer is used as a model checker to assess the validity of the formulas that make up the requirements.

75 citations


Proceedings Article
01 Dec 1993
TL;DR: This paper presents a protocol to show that both BAN and AT are not expressive enough to capture all of the kinds of flaws that appear to be within their scope, and argues that any approach of this type is inadequate by itself to demonstrate the absence of such flaws.
Abstract: In [BAN89] Burrows, Abadi, and Needham presented a logic (BAN) for analyzing cryptographic protocols in terms of belief. This logic is quite useful in uncovering flaws in protocols; however, it also has produced confusion and controversy. Much of the confusion was cleared up when Abadi and Tuttle provided a semantics for a version of that logic (AT) in [AT91]. In this paper we present a protocol to show that both BAN and AT are not expressive enough to capture all of the kinds of flaws that appear to be within their scope. We then present a logic that adds temporal formalisms to AT and that is rich enough to reveal the flaws in the presented protocol; nonetheless, this logic is sound with respect to the same semantics that was given in [AT91]. Finally, we argue that any approach of this type is inadequate by itself to demonstrate the absence of such flaws. We must supplement the formal logic with semantic analysis techniques.

56 citations


Journal Article
TL;DR: This paper sets out implementation assumptions required for the attacks to take place and implementation assumptions that preclude such an attack on NS, and looks at other protocols, including one that is not subject to this form of attack and has the same number of messages as NS.
Abstract: In [KSL92], Kehne et al. present a protocol (KSL) for key distribution. Their protocol allows for repeated authentication by means of a ticket. They also give a proof in BAN logic [BAN89] that the protocol provides the principals with a reasonable degree of trust in the authentication and key distribution. They present an optimality result that their protocol contains a minimal number of messages. Nonetheless, in [NS93] Neuman and Stubblebine present a protocol (NS) as an explicit alternative to KSL that requires one less message in the initial authentication and key distribution. One goal of this paper is to examine some of the reasons for this discrepancy. Another goal is to demonstrate possible attacks on NS. Like any attacks on cryptographic protocols, these depend on assumptions about implementation details. But, when possible they are serious: a penetrator can initiate the protocol, masquerade as another principal, obtain the session key, and even generate the session key herself. We will set out implementation assumptions required for the attacks to take place and implementation assumptions that preclude such an attack. We will also look at other protocols, including one that is not subject to this form of attack and has the same number of messages as NS. Finally, we will briefly discuss the logical analysis of these repeat authentication protocols.

44 citations


01 Jan 1993
TL;DR: This dissertation examines and defends the idea that logic is conventional and presents logics for reasoning about knowledge and common knowledge to respond to Quine's argument that conventional accounts of logic must be either trivial or vacuous.
Abstract: This dissertation examines and defends the idea that logic is conventional. It also presents logics for reasoning about knowledge and common knowledge. A fundamental thesis is that logical consequence and logical truth are not simply given; they arise as conventions amongst the users of logic. And, a primary goal of the dissertation is to respond to Quine's argument that conventional accounts of logic must be either trivial or vacuous. Convention is explicated in a game theoretic framework along the lines of Lewis's Convention. A convention is thus a kind of equilibrium in the strategies of players of a game. They coordinate by adopting strategies that consistently yield a certain outcome. Players coordinating in this manner are assumed to have common knowledge of what is happening. I look in detail at the shared-situation approach to common knowledge as set out by Barwise. This is illustrated via a classic coordination problem in distributed computing that was first introduced by Gray, viz: the coordinated attack. Though generally thought to be probably unsolvable, on a realistic understanding of common knowledge (taking into account the cognitive limitations of any knower) a solution is shown to exist. The solution provided is based on shared situations, and a situation semantics is set out in detail. A corresponding epistemic logic is also presented that is sound and complete with respect to the semantics. This logic introduces knowledge predicates that allow us to represent knowing an individual (including an individual situation) simpliciter as opposed to knowing something involving the individual. One cannot express and reason about common knowledge and shared situations entirely within the logic itself. Another logic is presented that is sufficiently expressive, and it is also shown to be sound and complete. The last chapter returns to Quine's critique and explains how conventions can arise when common knowledge is available only ex post facto. This provides the final justification for a conventional view of logic: it better accounts for logical behavior than the alternative view.

4 citations