Partial belief and probabilistic reasoning in the analysis of secure protocols

Abstract

The authors propose an extension of the BAN logic to reason about a secure protocol in a hostile and/or unknown environment. Probabilities, attached to the sentences and rules of the logic, allow them to quantify the beliefs of principals and represent the insecurities and uncertainties of a real life situation. They develop a probabilistic logic and obtain tight lower bounds on the probability of the conclusion which correspond to the minimum trust that can be put on the goal of the protocol. This gives them a powerful tool to model and study the performance of secure protocols. They discuss a probabilistic semantic for BAN logic and apply the results to the Needham-Schroeder protocol. The paper concludes by discussing the merits of these results and mentioning some open problems.<>