Revisiting the Foundations of Authentication Logics

In this paper, we make the point that the problems with logics in the BAN tradition are not with the idea of basing reasoning about security protocols using epistemic notions, but with some of the specific decisions taken in the formulation of these logics. To illustrate this statement, we describe a formal logic for security protocol analysis based on well-understood modal operators, knowledge, time, and probability. We show how the logic can capture the intuitive high-level concepts of BAN and later logics. In particular, we formalize a translation of the BAN operators into our logic to model reasoning about security protocols in the presence of a Dolev-Yao adversary. We validate our translation by analyzing the Needham-Schroeder authentication protocol using our formalism. This analysis highlights some strong assumptions on nonces made by the Dolev-Yao model of the adversary. We address these concerns by formulating a different translation of the BAN operators using probability, and show how to analyze protocols in the presence of Dolev-Yao adversaries that are allowed guesses.