Abstract
This paper discusses a formal approach for establishing theories of trust for authentication systems which can be used to reason about how agent beliefs evolve through time. The goal of an authentication system is to verify and authorise users in order to protect restricted data and information, so trust is a critical issue for authentication systems. After authentication, two principals (people, computers, services) should be entitled to believe that they are communicating with each other and not with intruders. So, it is important to express such beliefs precisely and to capture the reasoning that leads to them. In this paper, we focus on analysis of agent beliefs in dynamic environments using a temporalised belief logic, obtained by adding a temporal logic onto a belief logic. Working through a well-known authentication protocol, namely Kerberos, we discuss how to express principal beliefs involved in authentication protocols and the evolution of those beliefs based on a series of observations of agents as a consequence of communication. Our approach could be used for designing, verifying and implementing authentication protocols.
Cite this article
Ma, J., Orgun, M.A. Formalising theories of trust for authentication protocols. Inf Syst Front 10, 19–32 (2008). https://doi.org/10.1007/s10796-007-9049-0
DOI: https://doi.org/10.1007/s10796-007-9049-0