摘要
提出了一种基于逻辑的信任多集方法,它与已有的密码协议安全性分析方法本质上不同:每个参与主体建立的新信任只应依赖于该主体已拥有的信任和接收或发送的包含了信任的新鲜性标识符的消息本身.在基于匹配对话和不可区分性的计算模型下,证明了给出的保证密码协议单方认证安全、双方认证安全、单方密钥安全和双方密钥安全的充分必要条件分别满足4个可证安全定义.实例研究和对比分析表明,信任多集方法有以下特点:首先,安全性分析结果要么证明了一个密码协议是安全的,要么指出了密码协议安全属性的缺失,由安全属性的缺失能够直接导出构造攻击的结构;其次,分析方法与密码协议和攻击者能力的具体形式化描述无关;最后,不仅可用于手工分析,而且便于开发出自动验证系统.
This paper proposes a belief multisets formalism for analyzing cryptographic protocols, and the formalism is foundationally different from the previous: a participant's beliefs should depend only on the sent or received fresh messages and the beliefs already possessed by this party. The presented security adequacy of unilateral authentication secure, mutual authentication secure, unilateral session key secure, or mutual session key secure is proved not only substantial but also necessary to meet 4 security definitions respectively under the computational model of matching conversation and indistinguishability. Illustrations and comparison show that the analysis results based on the belief multisets suggest the correctness of a protocol or the way to construct attacks intuitively from the absence of security properties. The formalism is independent of the concrete formalization of a protocol or attackers' possible behaviors. The formalism can be developed not only by hand but also by automation.
出处
《软件学报》
EI
CSCD
北大核心
2009年第11期3060-3076,共17页
Journal of Software
基金
国家自然科学基金No.90704004
国家高技术研究发展计划(863)Nos.2006AA01Z422
2009AA01Z418~~
关键词
密码协议
安全性分析
形式化方法
自动化
cryptographic protocol
security analysis
formalism
automation
