Analysing Applications Layered on Unilaterally Authenticating Protocols
Authors
Abstract
There are many approaches to proving the correctness of application-layer protocols that are layered on secure transport protocols, such as TLS. One popular approach is verification by abstraction, in which the correctness of the application-layer protocol is proven under the assumption that the transport layer satisfies certain properties. Following this approach, we adapt the strand spaces model in order to analyse application-layer protocols that depend on unilaterally authenticating secure transport protocols, such as unilateral TLS. We develop proof rules that enable us to prove the correctness of application-layer protocols that use either unilateral or bilateral secure transport protocols, and illustrate them by proving the correctness of WebAuth, a single-sign-on protocol that makes extensive use of unilateral TLS.
Similar resources
Analysing layered security protocols
Many security protocols are built as the composition of an application-layer protocol and a secure transport protocol, such as TLS. There are many approaches to proving the correctness of such protocols. One popular approach is verification by abstraction, in which the correctness of the application-layer protocol is proven under the assumption that the transport layer satisfies certain properti...
On Distributed Security Transactions that Use Secure Transport Protocols
In this paper we consider techniques for designing and analysing distributed security transactions. We present a layered approach, with a high-level security transaction layer running on top of a lower-level secure transport protocol. The secure transport protocol provides protection against dishonest outsiders, while the transaction layer can be designed to provide protection against dishonest ...
Visa protocols for controlling interorganizational datagram flow
The increasing use of internetworking protocols to connect administratively heterogeneous networks has raised the question of how an organization can control the flow of information across its network boundaries. One method for doing so is the use of visas, a cryptographic technique for authenticating and authorizing a flow of datagrams. This paper presents and evaluates two visa protocols-one ...
Visa Protocols for Controlling Inter-Organizational
The increasing use of internetworking protocols to connect administratively heterogeneous networks has raised the question of how an organization can control the flow of information across its network boundaries. One method for doing so is the use of visas, a cryptographic technique for authenticating and authorizing a flow of datagrams. This paper presents and evaluates two visa protocols-one that...
Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...