{"title":"认证协议类型分析分析","authors":"M. Bugliesi, R. Focardi, Matteo Maffei","doi":"10.1109/CSFW.2005.8","DOIUrl":null,"url":null,"abstract":"This paper contrasts two existing type-based techniques for the analysis of authentication protocols. The former, proposed by Gordon and Jeffrey, uses dependent types for nonces and cryptographic keys to statically regulate the way that nonces are created and checked in the authentication exchange. The latter, proposed by the authors, relies on a combination of static and dynamic typing to achieve similar goals. Specifically, the type system employs dependent ciphertext types to statically define certain tags that determine the typed structure of the messages circulated in the authentication exchange. The type tags are then checked dynamically to verify that each message has the format expected at the corresponding step of the authentication exchange. This paper compares the two approaches, drawing on a translation of tagged protocols, validated by our system, into protocols that type check with Gordon and Jeffrey's system. This translation gives new insight into the tradeoffs between the two techniques, and on their relative expressiveness and precision. In addition, it allows us to port verification techniques from one setting to the other.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"103 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"Analysis of typed analyses of authentication protocols\",\"authors\":\"M. Bugliesi, R. Focardi, Matteo Maffei\",\"doi\":\"10.1109/CSFW.2005.8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper contrasts two existing type-based techniques for the analysis of authentication protocols. The former, proposed by Gordon and Jeffrey, uses dependent types for nonces and cryptographic keys to statically regulate the way that nonces are created and checked in the authentication exchange. The latter, proposed by the authors, relies on a combination of static and dynamic typing to achieve similar goals. Specifically, the type system employs dependent ciphertext types to statically define certain tags that determine the typed structure of the messages circulated in the authentication exchange. The type tags are then checked dynamically to verify that each message has the format expected at the corresponding step of the authentication exchange. This paper compares the two approaches, drawing on a translation of tagged protocols, validated by our system, into protocols that type check with Gordon and Jeffrey's system. This translation gives new insight into the tradeoffs between the two techniques, and on their relative expressiveness and precision. In addition, it allows us to port verification techniques from one setting to the other.\",\"PeriodicalId\":333912,\"journal\":{\"name\":\"18th IEEE Computer Security Foundations Workshop (CSFW'05)\",\"volume\":\"103 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"18th IEEE Computer Security Foundations Workshop (CSFW'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSFW.2005.8\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSFW.2005.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analysis of typed analyses of authentication protocols
This paper contrasts two existing type-based techniques for the analysis of authentication protocols. The former, proposed by Gordon and Jeffrey, uses dependent types for nonces and cryptographic keys to statically regulate the way that nonces are created and checked in the authentication exchange. The latter, proposed by the authors, relies on a combination of static and dynamic typing to achieve similar goals. Specifically, the type system employs dependent ciphertext types to statically define certain tags that determine the typed structure of the messages circulated in the authentication exchange. The type tags are then checked dynamically to verify that each message has the format expected at the corresponding step of the authentication exchange. This paper compares the two approaches, drawing on a translation of tagged protocols, validated by our system, into protocols that type check with Gordon and Jeffrey's system. This translation gives new insight into the tradeoffs between the two techniques, and on their relative expressiveness and precision. In addition, it allows us to port verification techniques from one setting to the other.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
