Protocol security is important. So are efficiency and cost. This paper provides an early framework for handling such aspects in a uniform way based on combinatorial optimisation techniques. The belief logic of Burrows, Abadi and Needham (BAN logic) is viewed as both a specification and proof system and as a ‘protocol programming language’. The paper shows how simulated annealing and genetic alg...

The pioneering and well-known work of Burrows, Abadi and Needham (the BAN logic) which dominates the area of security protocol analysis is shown to take an approach which is not fully formal and which consequently permits approval of dangerous protocols. Measures to make the BAN logic formal are then proposed. The formalisation is found to be desirable not only for its potential in providing ri...

BAN logic is a propositional logic of knowledge for the verification of cryptographic protocols. While BAN logic has been successful from a practical point of view, the semantics of the epistemic (knowledge) modality is unclear. Several Kripke semantics have been proposed, but they do not attempt at anything beyond a soundness result. Completeness is prevented by the so called logical omniscien...

In this paper, we compare two methods for security proofs a formal method, and the method by reduction from the complexity theory. A modification of the Otway-Rees protocol is proposed to show out a difference between the two methods : the exchanged key is provably secure in the sense of the BAN logic but it is not when we analyze it by reduction. The difference is due to a limitation of BAN lo...

In this paper, we make the point that the problems with logics in the BAN tradition are not with the idea of basing reasoning about security protocols using epistemic notions, but with some of the specific decisions taken in the formulation of these logics. To illustrate this statement, we describe a formal logic for security protocol analysis based on well-understood modal operators, knowledge...

Tools to evaluate Cryptographic Protocols (CPs) exploded into the literature after development of BAN Logic [BAN88,BAN90]. Many of these were created to repair weaknesses in BAN Logic. Unfortunately, these tools are all complex and difficult to implement individually, with little or no effort available to implement multiple tools in a workbench environment. We propose a framework that allows a ...

Boyd and Mao (“On a Limitation of BAN Logic”, in these proceedings) suggest that it is easy to use the authentication logic of Burrows, Abadi and Needham to approve protocols that are in practice unsound, and present two examples. We illustrate that the problem in the first example can be traced to a violation of pre-conditions in the BAN analysis (involving ill-founded trust in a trusted serve...

Security protocols play an important role in modern communications. However, security protocol development is a delicate task, and experience shows that computer security protocols are notoriously difficult to get right. Recently, Clark and Jacob provided a framework for automatic protocol generation based on combinatorial optimization techniques and the symmetric key part of BAN logic. This pa...

Recently, the security scheme, proposed by Kempf and Koodli, has been adopted as a security standard for Fast handover for Mobile IPv6. But, it does not prevent denial of service attacks while resulting in high computation cost. More importantly, we find that it is still vulnerable to redirection attacks because it fails to secure the Unsolicited Neighbor Advertisement messages. In this paper, ...

Most attacks against security protocols are due to their vulnerable designs. These type of protocols are usually the base which many other protocols and applications are built upon, so proving the correctness of such protocols has become a very important issue in recent years. At the same time, the complexity of security protocols has increased considerably, making it harder to perform an exhau...