*** Welcome to piglix ***

Burrows-Abadi-Needham logic


Burrows–Abadi–Needham logic (also known as the BAN logic) is a set of rules for defining and analyzing information exchange protocols. Specifically, BAN logic helps its users determine whether exchanged information is trustworthy, secured against eavesdropping, or both. BAN logic starts with the assumption that all information exchanges happen on media vulnerable to tampering and public monitoring. This has evolved into the popular security mantra, "Don't trust the network."

A typical BAN logic sequence includes three steps:

BAN logic uses postulates and definitions – like all axiomatic systems – to analyze authentication . Use of the BAN logic often accompanies a formulation of a protocol and is sometimes given in papers.

BAN logic, and logics in the same family, are decidable: there exists an algorithm taking BAN hypotheses and a purported conclusion, and that answers whether or not the conclusion is derivable from the hypotheses. The proposed algorithms use a variant of magic sets.

BAN logic inspired many other similar formalisms, such as GNY logic. Some of these try to repair one weakness of BAN logic: the lack of a good semantics with a clear meaning in terms of knowledge and possible universes. However, starting in the mid-1990s, crypto protocols were analyzed in operational models (assuming perfect cryptography) using model checkers, and numerous bugs were found in protocols that were "verified" with BAN logic and related formalisms. In some cases a protocol was reasoned as secure by the BAN analysis but where in fact insecure. This has led to the abandonment of BAN-family logics in favor of proof methods based on standard invariance reasoning.

The definitions and their implications are below (P and Q are network agents, X is a message, and K is an encryption key):

The meaning of these definitions is captured in a series of postulates:

P must believe that X is fresh here. If X is not known to be fresh, then it might be an obsolete message, replayed by an attacker.

Using this notation, the assumptions behind an authentication protocol can be formalized. Using the postulates, one can prove that certain agents believe that they can communicate using certain keys. If the proof fails, the point of failure usually suggests an attack which compromises the protocol.


...
Wikipedia

...