DocumentCode
3392244
Title
Strand spaces: why is a security protocol correct?
Author
Fábrega, F. Javier Thayer ; Herzog, Jonathan C. ; Guttman, Joshua D.
Author_Institution
Mitre Corp., USA
fYear
1998
fDate
3-6 May 1998
Firstpage
160
Lastpage
171
Abstract
A strand is a sequence of events; it represents either the execution of an action by a legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections between strands of different kinds. In this paper, we develop the notion of a strand space. We then prove a generally useful lemma, as a sample result giving a general bound on the abilities of the penetrator in any protocol. We apply the strand space formalism to prove the correctness of the Needham-Schroeder-Lowe protocol (G. Lowe, 1995, 1996). Our approach gives a detailed view of the conditions under which the protocol achieves authentication and protects the secrecy of the values exchanged. We also use our proof methods to explain why the original Needham-Schroeder (1978) protocol fails. We believe that our approach is distinguished from other work on protocol verification by the simplicity of the model and the ease of producing intelligible and reliable proofs of protocol correctness even without automated support
Keywords
cryptography; formal verification; message authentication; protocols; sequences; Needham-Schroeder protocol; Needham-Schroeder-Lowe protocol; authentication conditions; causal interaction; event sequence; exchanged values; graph structure; legitimate party; penetrator abilities; penetrator actions; protocol verification; reliable proofs; secrecy protection; security protocol correctness; strand spaces; Authentication; Contracts; Cryptographic protocols; Cryptography; National security; Protection; Read only memory;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location
Oakland, CA
ISSN
1081-6011
Print_ISBN
0-8186-8386-4
Type
conf
DOI
10.1109/SECPRI.1998.674832
Filename
674832
Link To Document