Abstract
This paper presents an abstract formal framework for authentication using the standardised formal description technique LOTOS. The purpose of this framework is to investigate the abstract definition of authentication in a standardised formal language and to illustrate how to put some recent standardisation activities on a formal basis. Two authentication protocols are specified as examples of how the framework may be used in the specification and analysis of authentication.
Chapter PDF
Similar content being viewed by others
References
I.Adjubi, G.Scollo & M.van Sinderen, Formal Description of the OSI Session Layer: Introduction, in The Formal Description Technique LOTOS, P.H.J.van Eijk, C.A.Vissers, M.Diaz (Eds.), North-Holland 1989.
T.Bolognesi & E.Brinksma, Introduction to the ISO Specification Language LOTOS, Computer Networks and ISDN Systems, Vol 14, No 1, 1987, pp 25–59.
C.A.Boyd, Hidden Assumptions in Cryptographic Protocols, Proceedings of IEE, Part E, Vol 137, No 6, November 1990, pp433–436.
M.Burrows, M.Abadi and R.Needham, A Logic of Authentication, Proceedings of the Royal Society, Series A, Volume 426, Number 1871, December 1989, pp233–271.
ISO DP 10181-2, Security Frameworks for Open Systems — Part 2: Authentication Framework.
CCITT X509, The Directory — Authentication Framework, November 1987.
ISO JTC1/SC21 N6765, Guide to Open System Security, February 1992.
ISO 7498/2 Open Systems Interconnection Model Security Architecture
ISO 8807: LOTOS — A Formal Description Technique Based on the Temporal Ordering of Observational Behaviour, 1988.
A.K.Marshall, Introduction to LOTOS Tools, in The Formal Description Technique LOTOS, P.H.J.van Eijk, C.A.Vissers, M.Diaz (Eds.), North-Holland 1989.
C.Meadows, A System for the Specification and Analysis of Key Management Protocols, Proceedings of the 1991 IEEE Computer Society Symposium on Security and Privacy, pp. 182–195, IEEE Computer Society Press, 1991.
J.K.Millen, S.C.Clark & S.B.Freedman, The Interrogator: Protocol Security Analysis, IEEE Transactions on Software Engineering, SE-13, No. 2, February 1987.
R.M.Needham & M.D.Schroeder, Using Encryption for Authentication in Large Networks of Computers, Communications of the ACM, 21,12, December 1978, pp.993–999.
G.B.Purdy, A High Security Log-in Procedure, Communications of the ACM, 17,8,August 1974, pp.442–445.
V.Varadharajan & S.Black, Formal Specification of a Secure Distributed Message System, Proceedings of 12th National Computer Security Centre Conference, Baltimore, 1989.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1992 Springer-Verlag
About this paper
Cite this paper
Boyd, C. (1992). A formal framework for authentication. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013903
Download citation
DOI: https://doi.org/10.1007/BFb0013903
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive