Lecture Notes in Computer Science 2845 Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

Similar documents
Lecture Notes in Computer Science 4631

Foundations of Mathematics

A Algorithms and Combinatorics 13

Formal Concept Analysis

NEUROANATOMY 3D-Stereoscopic Atlas of the Human Brain

How to Write Technical Reports

Ergebnisse der Mathematik und ihrer Grenzgebiete

Damage Mechanics with Finite Elements

Ramanujan's Notebooks

The Sound of Silence

Multicriteria Optimization

Encyclopedia of Marine Sciences

Mathematics, Computer Science and Logic - A Never Ending Story

Lecture Notes in Computer Science 2561 Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

Landolt-Börnstein Numerical Data and Functional Relationships in Science and Technology New Series / Editor in Chief: W.

Zdravko Cvetkovski. Inequalities. Theorems, Techniques and Selected Problems

Phase Equilibria, Crystallographic and Thermodynamic Data of Binary Alloys

Paul M. Gauthier. Lectures on Several Complex

Landolt-Börnstein / New Series

Landolt-Börnstein Numerical Data and Functional Relationships in Science and Technology New Series / Editor in Chief: W.

Companion to European Heritage Revivals / edited by Linde Egberts and Koos Bosma

Lecture Notes in Computer Science 2023 Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

Collected Papers VI. Literary Reality and Relationships

Trends in Mathematics

Introduction to the Representation Theory of Algebras

Communicating Science

Guide to Computing for Expressive Music Performance

Texts in Theoretical Computer Science An EATCS Series

Springer-Verlag Berlin Heidelberg GmbH

EATCS Monographs on Theoretical Computer Science

Köhler s Invention Birkhäuser Verlag Basel Boston Berlin

Lecture Notes in Computer Science 7020

Calculation of Demographic Parameters in Tropical Livestock Herds

What Does a Chameleon Look Like?

THE LITTLE BOOK. bees

Existentialism and Romantic Love

Burkhard Vogel. How to Gain Gain. A Reference Book on Triodes in Audio Pre-Amps

Publications des Archives Henri-Poincaré Publications of the Henri Poincaré Archives

Richard Wollheim on the Art of Painting

Lecture Notes in Computer Science. Edited by G. Goos, J. Hartmanis and J. van Leeuwen

Romanticism and Pragmatism

HANDBOOK OF RECORDING ENGINEERING FOURTH EDITION

A Glossary of Anesthesia and Related Terminology. Second Edition

Human Rights Violation in Turkey

Rasch Models. Foundations, Recent Developments, and Applications

Lecture Notes in Computer Science 2755 Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

Protecting Chips Against Hold Time Violations Due to Variability

Blake and Modern Literature

THEORY AND APPLICATIONS OF SPECIAL FUNCTIONS. A Volume Dedicated to Mizan Rahman

Letters between Forster and Isherwood on Homosexuality and Literature

Narrative Dimensions of Philosophy

Death in Henry James. Andrew Cutting

Seeber Satellite Geodesy

Hauntings: Psychoanalysis and Ghostly Transmissions

The Hegel Marx Connection

The Scientific iemper

Lecture Notes in Physics

A Hybrid Theory of Metaphor

Public Sector Organizations and Cultural Change

The Letter in Flora Tristan s Politics,

SYNTHESE LIBRARY STUDIES IN EPISTEMOLOGY, LOGIC, METHODOLOGY, AND PHILOSOPHY OF SCIENCE. JAAKKO HINTIKKA, Boston University

The New European Left

The Rhetoric of Religious Cults

Klein, Sartre and Imagination in the Films of Ingmar Bergman

The Discourse of Peer Review

The Elegies of Ted Hughes

Max Weber and Postmodern Theory

The Philosophy of Friendship

A Cultural Approach to Discourse

BRITAIN AND THE MAASTRICHT NEGOTIATIONS

Being Agile. Your Roadmap to Successful Adoption of Agile. Mario E. Moreira

MATLAB Ò and Design Recipes for Earth Sciences

Performing Shakespeare s Tragedies Today

Logic and the Limits of Philosophy in Kant and Hegel

MYRIAD-MINDED SHAKESPEARE

Cyber Ireland. Text, Image, Culture. Claire Lynch. Brunel University London, UK

ALLYN YOUNG: THE PERIPATETIC ECONOMIST

TOLKIEN: A CRITICAL ASSESSMENT

Town Twinning, Transnational Connections, and Trans-local Citizenship Practices in Europe

Victorian Celebrity Culture and Tennyson s Circle

Re-Reading Harry Potter

British Women s Life Writing,

Injectable Fillers in Aesthetic Medicine

Conrad s Eastern Vision

Dialectics for the New Century

JACOBEAN POETRY AND PROSE

Performance Anxiety in Media Culture

Defining Literary Criticism

Linear Circuit Design Handbook

Calculating the Human

Freshwater Invertebrates in Central Europe

Problem Books in Mathematics

Studies in German Idealism

Electron Beam Curing of Composites

Experiencing Illness and the Sick Body in Early Modern Europe

Author Chronologies. Published titles include: General Editor: Norman Page, Emeritus Professor of Modem English Literature, University of Nottingham

The Prose Works of Sir Philip Sidney

DOI: / William Corder and the Red Barn Murder

Romanticism, Medicine and the Natural Supernatural

Ten Essays in the Development of Economic Thought. Ronald L. Meek Tyler Professor of Economics at the University of Leicester

Transcription:

Lecture Notes in Computer Science 2845 Edited by G. Goos, J. Hartmanis, and J. van Leeuwen

3 Berlin Heidelberg New York Hong Kong London Milan Paris Tokyo

Bruce Christianson James A. Malcolm Bruno Crispo Michael Roe (Eds.) Security Protocols 10th International Workshop Cambridge, UK, April 17-19, 2002 Revised Papers 13

Series Editors Gerhard Goos, Karlsruhe University, Germany Juris Hartmanis, Cornell University, NY, USA Jan van Leeuwen, Utrecht University, The Netherlands Volume Editors Bruce Christianson James A. Malcolm University of Hertfordshire, Computer Science Department Hatfield AL10 9AB, UK E-mail: {b.christianson,j.a.malcolm}@herts.ac.uk Bruno Crispo Vrije Universiteit De Boelelaan 1081a, 1081 HV Amsterdam, The Netherlands E-mail: crispo@cs.vu.nl Michael Roe Microsoft Research Ltd. 7 J.J. Thomson Avenue, Cambridge CB3 0FB, UK E-mail: mroe@mircosoft.com Cataloging-in-Publication Data applied for A catalog record for this book is available from the Library of Congress. Bibliographic information published by Die Deutsche Bibliothek Die Deutsche Bibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data is available in the Internet at <http://dnb.ddb.de>. CR Subject Classification (1998): E.3, F.2.1-2, C.2, K.6.5, J.1, K.4.1, D.4.6 ISSN 0302-9743 ISBN 3-540-20830-5 Springer-Verlag Berlin Heidelberg New York This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law. Springer-Verlag is a part of Springer Science+Business Media springeronline.com c Springer-Verlag Berlin Heidelberg 2004 Printed in Germany Typesetting: Camera-ready by author, data conversion by PTP-Berlin, Protago-TeX-Production GmbH Printed on acid-free paper SPIN: 10976111 06/3142 5 4 3 2 1 0

Preface Once again we bring you the proceedings of the International Workshop on Security Protocols. It seems hard to believe that we have reached the tenth event in this annual series. This year our theme was Discerning the Protocol Participants. Security protocols are usually described in terms of the active participants Alice computes foo and sends it to Bob. However most security protocols also include off-line participants, which are not synchronously involved in the exchange of messages: a bank may participate on behalf of a customer, and an arbiter may subsequently be asked to interpret the meaning of a run. These silent partners to the protocol have their own security policies, and assumptions about identity, authorization and capability need to be re-examined when the agenda of a hidden participant may change. We hope that the position papers published here, which have been rewritten and rethought in the light of the discussions at the workshop, will be of interest, not just for the specific contributions they make but also for the deeper issues which they expose. In order to identify these issues more clearly, we include transcripts for some of the discussions which took place in Cambridge during the workshop. What would you have liked to add? Do let us know. As in past years, these proceedings also include a transcript of the keynote address given by Roger Needham. Alas, this is the last time. Roger s death during the preparation of these proceedings represents a loss, not only to us in the security community but indeed to the whole of computer science, of a magnitude that we are only just beginning to discern. In these proceedings, as in life, he has the last word. Our thanks to Sidney Sussex College, Cambridge for the use of their facilities, to Lori Klimaszewska of the University of Cambridge Computing Service for transcribing the audio tapes (in which fine grain cement at Wapping nearly proved a sticking point for concurrency) and to Johanna Hunt at the University of Hertfordshire for her assistance in editing the resulting Heraclitian texts. July 2003 Bruce Christianson Bruno Crispo James Malcolm Michael Roe

VI Previous Proceedings in This Series The proceedings of previous International Workshops on Security Protocols have also been published by Springer-Verlag as Lecture Notes in Computer Science, and are occasionally referred to in the text: 9th Workshop (2001), LNCS 2467, ISBN 3-540-44263-4 8th Workshop (2000), LNCS 2133, ISBN 3-540-42566-7 7th Workshop (1999), LNCS 1796, ISBN 3-540-67381-4 6th Workshop (1998), LNCS 1550, ISBN 3-540-65663-4 5th Workshop (1997), LNCS 1361, ISBN 3-540-64040-1 4th Workshop (1996), LNCS 1189, ISBN 3-540-63494-5

Table of Contents Introduction Bruce Christianson (Transcript)... 1 Keynote Address Roger M. Needham... 2 Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties Jari Arkko and Pekka Nikander... 5 Discussion... 17 Is Entity Authentication Necessary? Chris J. Mitchell and Paulo S. Pagliusi... 20 Discussion... 30 A Structured Operational Modelling of the Dolev-Yao Threat Model Wenbo Mao...34 Discussion... 45 On Trust Establishment in Mobile Ad-Hoc Networks Laurent Eschenauer, Virgil D. Gligor, and John Barras...47 Discussion... 63 Legally Authorized and Unauthorized Digital Evidence Hiroshi Y oshiura, Kunihiko Miyazaki, Shinji Itoh, Kazuo Takaragi, and Ryoichi Sasaki...67 Discussion... 71 Shrink-Wrapped Optimism: The DODA Approach to Distributed Document Processing Bruce Christianson and Jean F. Snook... 74 Discussion... 87 Contractual Access Control Babak Sadighi F irozabadi and Marek Sergot... 96 Discussion... 103 Confidentiality Levels and Deliberate/Indeliberate Protocol Attacks Giampaolo Bella and Stefano Bistarelli... 104 Discussion... 119

VIII Table of Contents Analyzing Delegation Properties Giampaolo Bella and Lawrence C. P aulson... 120 Discussion... 126 Combinatorial Optimization of Countermeasures against Illegal Copying Ryoichi Sasaki, Hiroshi Yoshiura, and Shinji Itoh... 128 Discussion... 144 Protocols with Certified-Transfer Servers Raphael Yahalom... 145 Discussion... 154 An Architecture for an Adaptive Intrusion-Tolerant Server Alfonso Valdes, Magnus Almgren, Steven Cheung, Yves Deswarte, Bruno Dutertre, Joshua Levy, Hassen Saïdi, Victoria Stavridou, and Tomás E. Uribe... 158 Discussion... 178 Supporting Imprecise Delegation in KeyNote Simon N. Foley... 179 Discussion... 188 Modelling Protocols for Secure Group Communications in Ad Hoc Networks Alec Y asinsac and James A. Davis... 189 Discussion... 202 Delegation of Signalling Rights Pekka Nikander and Jari Arkko... 203 Discussion... 213 Mobile IPv6 Security Tuomas Aura... 215 Discussion... 229 Concluding Discussion: Accounting for Resources All (Chair: Bruce Christianson) (Discussion)... 235 Back to the Beginning Roger M. Needham... 242 Author Index... 243

2024 © artsdocbox.com Privacy Policy | Terms of Service | Feedback