Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Private authentication
Abadi M., Fournet C. Theoretical Computer Science322 (3):427-476,2004.Type:Article
Date Reviewed: Mar 16 2005

This paper focuses on the privacy of communication between two or more mobile interlocutors (principals), and protecting their messages and their identities from third parties (a situation that can arise in mobile telephony and mobile computing). The protection is considered to be against an active adversary (as in security described by Needham-Schroder protocols).

Abadi and Fournet provide a definition of a privacy property (first informally, then in a process calculus). This property implies that each principal may reveal and prove its identity to certain other principals, and hide it from the rest. The main contribution of the paper consists of the construction of two protocols that allow the principals to authenticate with chosen interlocutors, while hiding their identities from others.

The paper spans 50 pages. The first section is a general overview of the subject. Section 2 defines and discusses the privacy properties defined by the authors. Section 3 presents the general assumptions on which the protocols rely. Section 4 develops two protocols, and some optimizations and extensions. The first protocol uses digital signatures, and requires that principals have loosely synchronized clocks. It is based on the Denning-Sacco public key protocol [1], and its corrected version [2]. The second protocol uses only encryption, and avoids the synchronization requirements, at the cost of an extra message.

Section 5 explains the applied pi calculus (an extension of pi calculus), and gives some examples. Section 6 constructs a formal model of the second protocol using the applied pi calculus. Section 7 addresses (in two theorems) the authenticity and secrecy properties of this model of the second protocol. In section 8, the theoretical analysis is concentrated on privacy properties. The results show that the standard authenticity, secrecy, and privacy (identity protection) properties are covered by the protocol. Some applications of this identity protection are developed in subsection 8.3. Section 9 discusses some related problems and related work (including, in particular, work on message untraceability). Section 10 concludes the paper. An appendix contains proofs for the main claims of sections 7 and 8.

The paper is considered by the authors to be a contribution to the formal study of security protocols and of their properties.
Reviewer:  Adrian Atanasiu Review #: CR130994 (0509-1076)
1) Denning, S. Timestamps in key distribution protocols. Comm. ACM 24, 7(1981), 533–535.
2) Abadi, N. Prudent engineering practice for cryptographic protocols. IEEE Trans Software Eng. 22, 1(1996), 6–15.
Bookmark and Share
  Reviewer Selected
  
 
Security and Protection (K.6.5 )
 
 
Access Controls (D.4.6 ... )
 
 
Computability Theory (F.4.1 ... )
 
 
Modeling Techniques (C.4 ... )
 
 
Security, Integrity, And Protection (H.2.0 ... )
 
 
Wireless Communication (C.2.1 ... )
 
  more  
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
CIRCAL and the representation of communication, concurrency, and time
Milne G. ACM Transactions on Programming Languages and Systems 7(2): 270-298, 1985. Type: Article		 Oct 1 1985
Computer security risk management
Palmer I., Potter G., Van Nostrand Reinhold Co., New York, NY, 1989. Type: Book (9780442302900)		 Apr 1 1991
Computers at risk
, National Academy Press, Washington, DC, 1991. Type: Book (9780309043885)		 Oct 1 1991
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy