Sciweavers

CSFW
2002
IEEE

Security Protocol Design via Authentication Tests

14 years 5 months ago
Security Protocol Design via Authentication Tests
We describe a protocol design process, and illustrate its use by creating ATSPECT, an Authentication Test-based Secure Protocol for Electronic Commerce Transactions. The design process is organized around the authentication tests, a method for protocol verification based on the strand space theory. The authentication tests dictate how randomly generated values such as nonces may be combined with encryption to achieve authentication and freshness. ATSPECT offers functionality and security guarantees akin to the purchase request, payment authorization, and payment capture phases of SET, the secure electronic transaction standard created by the major credit card firms. In previous work [10, 12, 8], we have developed a method—called the “authentication test” method—that can be used by hand to verify cryptographic protocols. We also pointed out that the same ideas can be used to guide the protocol development process, quickly leading to new protocols; proofs of correctness for th...
Joshua D. Guttman
Added 14 Jul 2010
Updated 14 Jul 2010
Type Conference
Year 2002
Where CSFW
Authors Joshua D. Guttman
Comments (0)