Authentication Primitives for Refining Protocol Specifications

We propose a way to abstract from various specifications of authentication and to obtain idealized protocols “secure by construction”. This feature enables us to prove that a cryptographic protocol is the correct implementation of the corresponding abstract protocol. Our proposal relies on the combination of two authentication primitives, proposed by the authors in [20, 18] to a simplified version of the spi calculus. Introduction Authentication is one of the main issues in security and it can have different purposes depending on the specific application considered. For example, entity authentication is related to the verification of an entity’s claimed identity [1], whilemessage authentication should make it possible for the receiver of a message to ascertain its origin [2]. In recent years there have been some formalizations of these different aspects of authentication (see, e.g., [3, 4, 5, 6, 7, 8, 9, 16]). These formalizations are crucial for proofs of authentication properties, that sometimes have been automatized (see, e.g. [10, 11, 12, 13, 14]). This work has been partially supported by MURST Progetto TOSCA, Progetto AI, TS & CFA and Progetto “Metodi formali per la Sicurezza”.