• DocumentCode
    3392244
  • Title

    Strand spaces: why is a security protocol correct?

  • Author

    Fábrega, F. Javier Thayer ; Herzog, Jonathan C. ; Guttman, Joshua D.

  • Author_Institution
    Mitre Corp., USA
  • fYear
    1998
  • fDate
    3-6 May 1998
  • Firstpage
    160
  • Lastpage
    171
  • Abstract
    A strand is a sequence of events; it represents either the execution of an action by a legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections between strands of different kinds. In this paper, we develop the notion of a strand space. We then prove a generally useful lemma, as a sample result giving a general bound on the abilities of the penetrator in any protocol. We apply the strand space formalism to prove the correctness of the Needham-Schroeder-Lowe protocol (G. Lowe, 1995, 1996). Our approach gives a detailed view of the conditions under which the protocol achieves authentication and protects the secrecy of the values exchanged. We also use our proof methods to explain why the original Needham-Schroeder (1978) protocol fails. We believe that our approach is distinguished from other work on protocol verification by the simplicity of the model and the ease of producing intelligible and reliable proofs of protocol correctness even without automated support
  • Keywords
    cryptography; formal verification; message authentication; protocols; sequences; Needham-Schroeder protocol; Needham-Schroeder-Lowe protocol; authentication conditions; causal interaction; event sequence; exchanged values; graph structure; legitimate party; penetrator abilities; penetrator actions; protocol verification; reliable proofs; secrecy protection; security protocol correctness; strand spaces; Authentication; Contracts; Cryptographic protocols; Cryptography; National security; Protection; Read only memory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-8186-8386-4
  • Type

    conf

  • DOI
    10.1109/SECPRI.1998.674832
  • Filename
    674832