Analysis of Authentication Protocols Based on Rubin Logic

Author

Xu, Yang ; Xie, Xiaoyao

Author_Institution

Sch. of Comput. Sci. & Technol., Guizhou Univ., Guiyang

fYear

2008

fDate

12-14 Oct. 2008

Firstpage

1

Lastpage

5

Abstract

Authentication protocols are the basis of security in networks. Therefore, it is essential to ensure that these protocols function correctly. However, it is difficult to design authentication protocols that are immune to malicious attack, since good analysis techniques are lacking. BAN-like logic is one of the main techniques for analysis of authentication protocols, but protocols idealization is the fatal weakness of it. In this paper, Rubin logic which is a new technique for analyzing security protocols is introduced. Two examples of Rubin logic´s applications are given. First example is the Andrew secure RPC protocol using symmetric keys. The second one is the X.509 authentication protocol using asymmetric keys. Not only are the flaws of the protocols got with BAN logic found, but also some previously unknown flaws are found. With the result of the analysis, the new fixes of the two protocols are presented. These are stunning confirmations of the importance of Rubin logic for analyzing protocols.

Keywords

authorisation; protocols; telecommunication security; BAN logic; Rubin logic; authentication protocols; Authentication; Body sensor networks; Computer science; Computer security; Data security; Information security; Law; Logic; Protocols; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications, Networking and Mobile Computing, 2008. WiCOM '08. 4th International Conference on

Conference_Location

Dalian

Print_ISBN

978-1-4244-2107-7

Electronic_ISBN

978-1-4244-2108-4

Type

conf

DOI

10.1109/WiCom.2008.1120

Filename

4679028