Authenticity and provability - A formal framework

Sigrid Gürgens, Peter Ochsenschläger, Carsten Rudolph

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

17 Citations (Scopus)

Abstract

This paper presents a new formalisation of authenticity and proof of authenticity. These security properties constitute essential requirements for secure electronic commerce and other types of binding telecooperation. Based on the notions of formal language theory, authenticity and proof of authenticity are defined relative to the agents’ knowledge about the system. Abstraction by language homomorphisms satisfying particular properties preserves the respective security properties from a higher to a lower level of abstraction. Thus, the new formalisation is suitable for a top-down security engineering method. The approach is demonstrated by a typical e-commerce example, a price-offer transaction. We present specifications of this example on two different abstraction levels. On the lower of these abstraction levels, Asynchronous Product Automata (APA) are used to model cryptographic protocols, and properties of cryptographic algorithms are formally described by abstract secure channels.

Original languageEnglish
Title of host publicationInfrastructure Security - International Conference, InfraSec 2002, Proceedings
PublisherSpringer-Verlag London Ltd.
Pages227-245
Number of pages19
ISBN (Print)3540443096
Publication statusPublished - 1 Jan 2002
Externally publishedYes
EventInternational Conference on Infrastructure Security, InfraSec 2002 - Bristol, United Kingdom
Duration: 1 Oct 20023 Oct 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2437
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Conference on Infrastructure Security, InfraSec 2002
Country/TerritoryUnited Kingdom
CityBristol
Period1/10/023/10/02

Cite this