Transport Level Security: a proof using the Gong-Needham-Yahalom Logic
Author
Abstract
This paper provides a proof of the proposed Internet standard Transport Level Security protocol using the Gong-Needham-Yahalom logic. It is intended as a teaching aid and hopes to show to students: the potency of a formal method for protocol design; some of the subtleties of authenticating parties on a network where all messages can be intercepted; the design of what should be a widely accepted standard.

1 Transport Level Security Protocol

This section provides an insight into the workings of the next generation of authentication protocol: the Transport Level Security Protocol version 1.0 [DA97], the successor to the Secure Sockets Layer [FKK95]. To do this, the Gong-Needham-Yahalom (GNY) logic [GNY90] is introduced, which is a formal method for proving the safety of a cryptographically-based protocol. It is described at length in appendix A. When working through protocols the relevant rule of inference will be stated and will refer to those in the appendix.

The Transport Level Security handshake protocol [DA97], TLS, has an unknown heritage, but it has a great deal of similarity to that described in [DS81]. It is predicated on the existence of readily available public keys: TLS's predecessor made use of X.509 certificates, see [CCI88], issued by a Certification Authority, CA, an example of which is Thawte [THA99]. A discussion of the limitations of certificate technology can be found in Röscheisen's on-line paper [Ros95].

TLS has three sub-protocols:
- Server anonymous
- Server named, client anonymous
- Server named, client named

These differ by who is required to send their X.509 certificates; the key exchange protocol is different only when the client is named and thus has a public key that can be used. The messages sent during a run of the protocol, shown in figure 1, are more or less the same for all sub-protocols. As can be seen, no key issuing server is needed.
Similar resources
Some Remarks on the Logic of Gong, Needham
We reveal instances of unsoundness, incompleteness, and redundancy in the cryptographic protocol analysis logic of Gong, Needham and Yahalom. Solutions are proposed for each of these problems. The logic is extended to formalize the use of an uncertified key in the Yahalom protocol, and our analysis of the protocol suggests the possibility of a redundancy in the protocol.
A HOL Extension of GNY for Automatically
This paper describes a Higher Order Logic (HOL) theory formalizing an extended version of the Gong, Needham, Yahalom (GNY) belief logic, a theory used by software that automatically proves authentication properties of cryptographic protocols. The theory's extensions to the GNY logic include being able to specify protocol properties at intermediate stages and being able to specify protocols that...
Relations Between Secrets: Two Formal Analyses of the Yahalom Protocol
The Yahalom protocol is one of those analyzed by Burrows et al. [5]. Based upon their analysis, they have proposed modifications to make the protocol easier to understand and to analyze. Both versions of Yahalom have now been analyzed using Isabelle/HOL. Modified Yahalom satisfies strong security goals, and the original version is adequate. The mathematical reasoning behind these machine proofs...
On the Automation of GNY Logic
The cryptographic protocol analysis logic of Gong, Needham and Yahalom (GNY) offers significant advantages over its predecessor, the Burrows, Abadi and Needham (BAN) logic. Manual analysis of protocols using the GNY logic, however, is cumbersome, as the logic has a large set of inference rules. This paper proposes a modified GNY logic, and describes the implementation of a protocol analysis tool ...
A Proof of Revised Yahalom Protocol in the Bellare and Rogaway (1993) Model
Although the Yahalom protocol, proposed by Burrows, Abadi, and Needham in 1990, is one of the most prominent key establishment protocols analyzed by researchers from the computer security community (using automated proof tools), a simplified version of the protocol is only recently proven secure by Backes and Pfitzmann (2006) in their cryptographic library framework. We present a protocol for k...
Journal title:
- CoRR
Volume cs.CR/9904005 Issue
Pages -
Publication date 1999