
ENDL: A Logical Framework for Verifying Secure Transaction Protocols

Knowledge and Information Systems

Abstract

This paper proposes a new logic for verifying secure transaction protocols. We have named this logic the ENDL (extension of non-monotonic dynamic logic). In this logic, timestamps and signed certificates are used for protecting against replays of old keys or the substitution of bogus keys. The logic is useful for verifying the authentication properties of secure protocols, and especially for protecting data integrity. To evaluate the logic, three practical instances of secure protocols are illustrated. This evaluation demonstrates that the ENDL is effective and promising.



Corresponding author

Correspondence to Qingfeng Chen.

Cite this article

Chen, Q., Zhang, C. & Zhang, S. ENDL: A Logical Framework for Verifying Secure Transaction Protocols. Know. Inf. Sys. 7, 84–109 (2005). https://doi.org/10.1007/s10115-003-0127-4
