Title :
Evaluating and improving protocol analysis by automatic proof
Author :
Brackin, Stephen H.
Author_Institution :
Arca Syst. Inc., Ithaca, NY, USA
Abstract :
The paper summarizes the results of Automatic Authentication Protocol Analyzer (AAPA) analyses of 52 protocols from A Survey of Authentication Protocol Literature: Version 1.0 by Clark and Jacob, a continually updated library of protocols analyzed in the protocol-failure literature. The AAPA found no problems in 27 that Clark and Jacob did not identify as having problems, but also found no problems in 16 that Clark and Jacob did identify as having problems, though the attacks on 8 of these would be prevented by type checks that the AAPA assumes are always made. It found problems in 6 that Clark and Jacob also identified as having problems, and found problems in 3 that Clark anal Jacob did not identify as having problems. The paper defines a semantics for the AAPA´s specification language, defines valid inference and protocol failure with respect to this semantics, identifies reasons for each of the AAPA´s “misses”, and sketches ongoing work that should correct all, or all except one, of these “misses”
Keywords :
formal specification; message authentication; protocols; A Survey of Authentication Protocol Literature: Version 1.0; Automatic Authentication Protocol Analyzer; attacks; automatic proof; improved protocol analysis; inference; protocol analysis evaluation; protocol failure; protocol library; semantics; specification language; type checks; Authentication; Automatic logic units; Contracts; Failure analysis; Information analysis; Jacobian matrices; Laboratories; Libraries; Protocols; Security;
Conference_Titel :
Computer Security Foundations Workshop, 1998. Proceedings. 11th IEEE
Conference_Location :
Rockport, MA
Print_ISBN :
0-8186-8488-7
DOI :
10.1109/CSFW.1998.683164
