1 / 23

Extensions of BAN

Extensions of BAN. by Heather Goldsby Michelle Pirtle. Overview. BAN Logic – Burrows, Abadi, and Needham GNY – Gong, Needham, Yahalom RV AT – Abadi and Tuttle VO – van Oorschot SVO – Syverson and van Oorschot Wenbo Mao – “Mao” Comparison Conclusion. BAN Logic – 1989.

bedros
Télécharger la présentation

Extensions of BAN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Extensions of BAN by Heather Goldsby Michelle Pirtle CSE 914 - Michigan State University

  2. Overview • BAN Logic – Burrows, Abadi, and Needham • GNY – Gong, Needham, Yahalom • RV • AT – Abadi and Tuttle • VO – van Oorschot • SVO – Syverson and van Oorschot • Wenbo Mao – “Mao” • Comparison • Conclusion CSE 914 - Michigan State University

  3. BAN Logic – 1989 • Goal: Offer a formalization of the description and analysis of authentication protocols over distributed computer systems • State what is accomplished by the protocol • Allow reasoning about, and comparisons of, protocol assumptions • Draw attention to unnecessary actions that can be removed from a protocol • Highlight any encrypted messages that could be sent in clear text • Tool: SPEAR • Model analyzer for BAN Logic and GNY • Developed for security protocols CSE 914 - Michigan State University

  4. BAN (cont.) • Advantages • Introduced a simple and powerful notation • Logic postulates (ie. Nonce-verification rule) are straight forward to apply for deriving BAN beliefs • Disadvantages • Idealization step can cause analysis problems • No formal syntax or semantics • Does not account for improper encryption • A principal’s beliefs cannot be changed at later stages of the protocol • Logic limited to analyze authentication protocols • Honesty and trust in other principals is not addressed CSE 914 - Michigan State University

  5. Foundation of Each Logic Read across - States which logic(s) were used to design the new logic Read down - States which logic(s) extended from the logic Logics listed in increasing year of publication

  6. GNY - 1990 • Goal: Gain ability to analyze more protocols in a more consistent manner • Extends and reformulates BAN • Notions are expanded • New rules and constructs • Eliminate some of BAN’s universal assumptions • Tools: • SPEAR • Model analyzer for BAN Logic and GNY • Developed for security protocols • Pattern scanner used as a parser for “not-originated-here” notion CSE 914 - Michigan State University

  7. GNY (cont.) • Advantages • Multiple levels of trust can be used in reasoning • More protocols can be analyzed • Making some BAN assumptions explicit allows for generality • Disadvantages • R6 is unsound • Combining rules can result in unsound conclusions • The set of rules is incomplete • Some rules have redundant premises • E.g. I2 CSE 914 - Michigan State University

  8. RV – 1996 • Goal: Provide a logic of belief, based on BAN for use with a theory generator • Extension of BAN • Explicit interpretation • Idealization step • Fails to consider other interpretations • Hidden assumptions about safety of message • Responsibility • Account for principal’s irresponsible behavior • Tool: RVChecker • Theory Generator CSE 914 - Michigan State University

  9. RV (cont.) • Advantages • Maintains the original simplicity of BAN • Has tool support • Addresses principal responsibility and the idealization step • Disadvantages • No formal syntax or semantics • Unable to specify full range of protocols CSE 914 - Michigan State University

  10. AT – 1991 • Goal: Find a natural semantic model for BAN • Extensions: • Provides formal syntax and semantics • Simplifies existing BAN inference rules • Reformulates inference rules as axioms • Removes need for honesty CSE 914 - Michigan State University

  11. AT (cont.) • Advantages • Formal syntax and semantics • Addresses question of principal honesty • More elegant proof system owing to rules of BAN being rewritten as axioms • Disadvantages • No tool support • Assumes perfect encryption • Does not address idealization step CSE 914 - Michigan State University

  12. VO – 1993 • Goal: Extend BAN family of logics in a manner that allows authenticated key agreement protocols to be analyzed, and to better examine goals and beliefs in the protocols. • Extensions • Refine the BAN construct “shares the good crypto key” • Define new key confirmation primitive • Define new postulates for use with reasoning about “jointly established” keys CSE 914 - Michigan State University

  13. VO (cont.) • Advantages • Accomplishes analysis of a new set of protocols • Allows for a closer analysis of the goals and beliefs of the new set of protocols • Disadvantages • Time is ignored • Message ordering is not addressed CSE 914 - Michigan State University

  14. SVO – 1994 • Goal: Unification of BAN, GNY, AT, & VO • Extensions: • Include public keys • New functions • Message comprehensibility CSE 914 - Michigan State University

  15. SVO (cont.) • Advantages • Proved to be sound • Disadvantages • Not suited for tool support • SVD revamped SVO: developed to be compatible with Isabelle theorem prover CSE 914 - Michigan State University

  16. Mao – 1995 • Goal: Formalize the idealization step • Extension: • Rule-based idealization technique • Remove need for perfect encryption assumption CSE 914 - Michigan State University

  17. Mao (cont.) • Advantages • Formalization of idealization technique • Eliminates assumption of perfect cryptography • Disadvantages • No tool support • No proof of soundness for idealization rules CSE 914 - Michigan State University

  18. Comparison Table Part 1 CSE 914 - Michigan State University

  19. Comparison Table Part 2 CSE 914 - Michigan State University

  20. Conclusions • BAN gave a very good foundation to expand upon • BAN-like logics do not need to be limited to authentication protocols • No one logic can or will cover all aspects of protocol analysis • More tool support is needed CSE 914 - Michigan State University

  21. Possible Future Work • Possible extensions to our work: • Include other BAN-like logics • Gaarder Snekkenes - GS • Sigrid Gurgens – SG • Mao and Boyd • SVD – An extension of SVO • Design and develop tool support CSE 914 - Michigan State University

  22. References • Kindred, "Theory Generation for Security Protocols“. 1999. http://reports-archive.adm.cs.cmu.edu/anon/1999/CMU-CS-99-130.pdf • Mao, "An Augmentation of BAN-Like Logics“. 1995. http://www.citeseer.nj.nec.com/mao95augmentation.html • Syverson and van Oorschot, "On unifying some cryptographic protocol logics“. 1994. http://www.citeseer.nj.nec.com/syverson94unifying.html • M. Abadi and M. Tuttle, "A Semantics for a Logic of Authentication“. http://www.citeseer.nj.nec.com/article/abadi91semantics.html • Burrows, Abadi & Needham, “A Logic of Authentication”. 1989. http://citeseer.nj.nec.com/burrows90logic.html • Gong, Needham and Yahalom, "Reasoning About Belief in Cryptographic Protocols”. 1990. http://citeseer.nj.nec.com/gong90reasoning.html • van Oorschot,”Extending cryptographic logics of belief to key agreement protocols”. 1993. http://doi.acm.org/10.1145/168588.168617 CSE 914 - Michigan State University

  23. Relationships Among Logics BAN - 1989 GS - 1991 GNY - 1990 RV - 1996 AT - 1991 VO - 1993 SG - 1996? SVO - 1994 Mao - 1995 CSE 914 - Michigan State University

More Related