Looking for Diamonds in the Desert - Extending Automatic Protocol Generation to Three-Party Authentication and Key Agreement Protocols

In this paper, we describe our new results in developing and extending Automatic Protocol Generation (APG), an approach to automatically generate security protocols. We explore two-party mutual authentication and key agreement protocols, with a trusted third party (TTP) which shares a symmetric key with each of the two principals. During the process, we experienced the challenge of a gigantic protocol space (even after we limit the protocol complexity and size, and after constraining message format and sending order, we estimate the state space at 1012 protocols!). Facing this challenge, we develop more powerful reduction techniques for the protocol generator. We also develop new pruning theorems and probabilistic methods of picking goal orderings for the protocol screener, Athena, which greatly improve the efficiency and worst-case performance of Athena. In our first experiment, APG found new protocols for two-party mutual authentication with a TTP using symmetric keys. In our second experiment, APG also found new protocols for three different sets of security properties for two-party authentication and key agreement. Our new list of security properties for key agreement also uncovered an undocumented deficiency in the Yahalom protocol. We gratefully acknowledge support for this research from several US government agencies. This research was suported in part by the Defense Advanced Research Projects Agency under DARPA contract N6601-9928913 (under supervision of the Space and Naval Warfare Systems Center San Diego), by the National Science foundation under grant FD99-79852, and by the United States Postal Service under grant USPS 1025 90-98-C3513. Views and conclusions contained in this document are those of the authors and do not necessarily represent the official opinion or policies, either expressed or implied of the US government or any of its agencies, DARPA, NSF, USPS.