Just fast keying in the pi calculus

Published: 01 July 2007

Abstract

JFK is a recent, attractive protocol for fast key establishment as part of securing IP communication. In this paper, we formally analyze this protocol in the applied pi calculus (partly in terms of observational equivalences and partly with the assistance of an automatic protocol verifier). We treat JFK's core security properties and also other properties that are rarely articulated and rigorously studied, such as plausible deniability and resistance to denial-of-service attacks. In the course of this analysis, we found some ambiguities and minor problems, such as limitations in identity protection, but we mostly obtain positive results about JFK. For this purpose, we develop ideas and techniques that should be more generally useful in the specification and verification of security protocols.

Published in: ACM Transactions on Information and System Security, Volume 10, Issue 3, July 2007 (195 pages)
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1266977

Copyright © 2007 ACM

Publisher: Association for Computing Machinery, New York, NY, United States