DOCSLIB.ORG

A Security Policy Model for Clinical Information Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Security Policy Model for Clinical Information Systems A Security Policy Mo del for Clinical Information Systems Ross J Anderson University of Cambridge Computer Lab oratory Pembroke Street Cambridge CB QG rossandersonclcamacuk Abstract up a numb er of centralised applications that will use it One of them will centralise the billing of hospital The protection of personal health information has treatment in a single system that will pro cess large become a live issue in a number of countries including amounts of p ersonal health information and make the USA Canada Britain and Germany The debate various analyses available to administrators Do ctors has shown that there is widespread confusion about will remain resp onsible for the security of clinical in what should be protected and why Designers of mil formation which they originate yet the do ctors main itary and banking systems can refer to Bel lLaPadula professional organisation the British Medical Asso and ClarkWilson respectively but there is no com ciation BMA has b een refused information ab out parable security policy model that spel ls out clear and the security mechanisms that are supp osed to protect concise access rules for clinical information systems patient information on the new network and its appli In this article we present just such a model It cations was commissioned by doctors and is driven by medical It also b ecame clear that there was much confu ethics it is informed by the actual threats to privacy sion ab out the actual threats and ab out the protec and reects current best clinical practice Its eect tion measures that it would b e prudent to take For is to restrict both the number of users who can ac these reasons the BMA asked the author to study cess any record and the maximum number of records the threats to p ersonal health information And accessed by any user This entails control ling infor Andc and then to draw up a security p olicy mo del mation ows across rather than down and enforcing Anda and interim guidelines for prudent practice a strong notication property We discuss its rela Andb In this pap er we present the p olicy mo del tionship with existing security policy models and its The presentation is of necessity abbreviated and read possible use in other applications where information ers are urged to obtain a the full do cument from the exposure must be localised these range from private BMA or via the web Anda banking to the management of intel ligence data A note on terminology Intro duction We dene and discuss the terminology at length in the full p olicy so it is merely summarised here The intro duction of nationwide health information By clinician or clinical professional we mean a li networks has caused concern ab out security Do c censed professional such as a do ctor nurse pharma tors are worried that making health information more cist radiologist or dentist who has access in the line of widely available may endanger patient condentiality duty to p ersonal health information by this we mean In the USA there is controversy over a prop osed law any information concerning a p ersons health or treat on medical privacy Ben In Ontario an attempt ment that enables them to b e identied By patient to give the Minister of Health access to all medical we mean the patient or his representative who ever records was defeated after intense pressure by the pub must give consent and b e notied We ignore dele lic and the Ontario Medical Asso ciation Lan In gation of access to p ersons such as receptionists as a Germany there has b een disquiet ab out the intro duc clinician remains resp onsible for their actions tion of a uniform national smartcard system to handle For economy of expression we will assume that the health insurance payments clinician is female and the patient male The fem In the UK the government has commissioned a na inist versus grammarian issue is traditionally solved tionwide health information network and is setting in the crypto literature by assigning denite gender A numb er of exceptions to this rule have develop ed roles with the females b eing at least as high status over time For example Britain has rules on noti as the males Our choice is not meant to assert that able diseases adverse drug reactions nonaccidental the clinician has higher status than the patient in the injuries and tness to drive Boy However these therap eutic partnership b etween them exceptions are p eripheral as disclosures are rare and Finally some authors draw a distinction b etween are typically made on pap er condentiality which protects the interests of the organisation and privacy which protects the auton Threats to clinical condentiality omy of the individual We will rather follow the com Many organisations have replaced disp ersed manual mon medical usage in which b oth words interchange record keeping systems with centralised or networked ably mean privacy computer systems which give b etter access to data The ethical basis of condentiality Their exp erience is that the main new threat comes from abuse by insiders For example most of the big The Hipp o cratic oath says UK banks now let any teller access any account The eect is that private eyes get hold of information by Whatso ever I shall see or hear in the course bribing tellers and sell it for $ or so LB The of my dealings with men if it b e what should practice was made illegal by a recent amendment to not b e published abroad I will never divulge the Data Protection Act but there have still b een no holding such things to b e holy secrets prosecutions of which we are aware The eects of aggregating data should have b een Do ctors in most countries interpret the words exp ected The likeliho o d that information will b e im should not in terms of consent In Britain for exam prop erly disclosed dep ends on its value and the num ple the do ctors disciplinary b o dy is the General Med b er of p eople who have access to it Aggregation in ical Council which expresses the duty of condence as creases b oth these risk factors at the same time It follows GMC may also create a valuable resource which brings p olit ical pressure for legalised access by interests claiming Patients have a right to exp ect that you will a need to know Smu not pass on any p ersonal information which you learn in the course of your professional Health systems are no dierent At present privacy duties unless they agree dep ends on the fragmentation and scattering inherent in manual systems and standalone computers remov The GMC further stipulates that do ctors who ing this without intro ducing eective comp ensating record or who are the custo dians of condential infor controls is unethical There have b een p ersistent UK mation must make sure that it is eectively protected press rep orts of health records b eing sold by private against improp er disclosure when it is stored trans detectives for as little as $ LB RL Perhaps the most serious rep orted case is that of Dr Jackson mitted received and disp osed of GMC Other clini cians such as nurses pharmacists and physiotherapists a Merseyside sex stalker who wins the condence of are under similar professional obligations Finally a young women by discussing their family medical his tory over the telephone urges them to examine them numb er of countries have laws on data protection and from an EU directive on data protection will selves tries to arrange meetings and then attempts to comp el Europ ean countries to make patient consent ab duct them Police b elieve that he is a health worker the paramount principle in the protection of p ersonal or a computer hacker ISM health information The US exp erience is much worse This may b e partly due to the control exerted by HMOs and insur Consent must b e informed and voluntary For ex ample patients must b e made aware that information ance companies and partly b ecause networking has may b e shared b etween memb ers of a care team such advanced somewhat more than in Britain 1 as a general medical practice or hospital department a banker on a state health commission had access and if researchers want access to records which cannot to a list of all the patients in his state who had eectively b e made anonymous then every eort must b een diagnosed with cancer He crossreferenced b e made to inform the patient and gain his consent it with his client list and called in the patients which must b e renewed every ve years Som loans HRM 1 the UK general practitioner or GP is the primary care physician or family do ctor a Harris p oll on health information privacy showed that of resp ondents were worried AIDS suerers to assist in estimating the need for ab out medical record privacy and a quarter had lo cal community services is b eing resisted by the pro p ersonal exp erience of abuse GTP fession In addition the EU directive is ab out to enforce the Forty p ercent of insurers disclose medical infor principle of consent throughout Europ e So adminis mation to lenders employers or marketers with trators are scrambling to redene consent out customer p ermission CR and over half of The UK governments initial p osition was that a Americas largest companies admitted using patient gave implied consent to information sharing medical records to make hiring and other p erson by the mere act of seeking treatment More recently nel decisions Bru ocials have tried to redene informed consent as the consequence of putting up notices informing patients The problem was studied by the US governments that their p ersonal health information may b e shared Oce of Technology Assessment which conrmed
Load more

Recommended publications
  • Optimizing the Block Cipher Resource Overhead at the Link Layer Security Framework in the Wireless Sensor Networks
    Proceedings of the World Congress on Engineering 2008 Vol I WCE 2008, July 2 - 4, 2008, London, U.K. Optimizing the Block Cipher Resource Overhead at the Link Layer Security Framework in the Wireless Sensor Networks Devesh C. Jinwala, Dhiren R. Patel and Kankar S. Dasgupta, data collected from different sensor nodes. Since the Abstract—The security requirements in Wireless Sensor processing of the data is done on-the-fly, while being Networks (WSNs) and the mechanisms to support the transmitted to the base station; the overall communication requirements, demand a critical examination. Therefore, the costs are reduced [2]. Due to the multi-hop communication security protocols employed in WSNs should be so designed, as and the in-network processing demanding applications, the to yield the optimum performance. The efficiency of the block cipher is, one of the important factors in leveraging the conventional end-to-end security mechanisms are not performance of any security protocol. feasible for the WSN [3]. Hence, the use of the standard In this paper, therefore, we focus on the issue of optimizing end-to-end security protocols like SSH, SSL [4] or IPSec [5] the security vs. performance tradeoff in the security protocols in WSN environment is rejected. Instead, appropriate link in WSNs. As part of the exercise, we evaluate the storage layer security architecture, with low associated overhead is requirements of the block ciphers viz. the Advanced Encryption required. Standard (AES) cipher Rijndael, the Corrected Block Tiny Encryption Algorithm (XXTEA) using the Output Codebook There are a number of research attempts that aim to do so.
    [Show full text]
  • Roger Needham
    The Marshall Symposium: Address: Roger Needham Table of Contents Participants The Marshall Philip Power: Good morning. In remorseless pursuit of our Scholarships timetable, which envisages a busy and crowded day, I think that it's time to get going. Home Welcome to the second session of the Marshall Symposium. I'd like to get some housekeeping matters out of the way. For those of you who don't have programs, they are available in the lobby. There will be a fifteen-minute break between the first and the second panel, at approximately ten forty-five. There will be coffee and pop available in the lobby, but we will resume our panel discussions promptly at eleven. We are hopeful of provoking as much interplay between our panels and the audience as we can. To facilitate that, there are microphones at each aisle, and so at the end of panels, people are encouraged and invited to ask questions. Our morning speaker is a most distinguished trans-Atlantic visitor who suffered the indignities inflicted on many airline travelers at the hands of Northwest Airlines and its associated unions. Roger Needham, who is a pro-vice chancellor of Cambridge University, was born in 1935 and has been in computing at Cambridge since 1956. His Ph.D. thesis in 1961 concerned the application of digital computers to problems of classification and grouping. In 1962, he joined the computer laboratory, which was then called the mathematical laboratory, and has been on the faculty since 1963. He took a leading role in Cambridge projects in operating systems, in time-sharing systems, in memory protection, in local area networks and in distributed systems over the next twenty years.
    [Show full text]
  • An Interview with Tony Hoare ACM 1980 A.M. Turing Award Recipient
    1 An Interview with 2 Tony Hoare 3 ACM 1980 A.M. Turing Award Recipient 4 (Interviewer: Cliff Jones, Newcastle University) 5 At Tony’s home in Cambridge 6 November 24, 2015 7 8 9 10 CJ = Cliff Jones (Interviewer) 11 12 TH = Tony Hoare, 1980 A.M. Turing Award Recipient 13 14 CJ: This is a video interview of Tony Hoare for the ACM Turing Award Winners project. 15 Tony received the award in 1980. My name is Cliff Jones and my aim is to suggest 16 an order that might help the audience understand Tony’s long, varied, and influential 17 career. The date today is November 24th, 2015, and we’re sitting in Tony and Jill’s 18 house in Cambridge, UK. 19 20 Tony, I wonder if we could just start by clarifying your name. Initials ‘C. A. R.’, but 21 always ‘Tony’. 22 23 TH: My original name with which I was baptised was Charles Antony Richard Hoare. 24 And originally my parents called me ‘Charles Antony’, but they abbreviated that 25 quite quickly to ‘Antony’. My family always called me ‘Antony’, but when I went to 26 school, I think I moved informally to ‘Tony’. And I didn’t move officially to ‘Tony’ 27 until I retired and I thought ‘Sir Tony’ would sound better than ‘Sir Antony’. 28 29 CJ: Right. If you agree, I’d like to structure the discussion around the year 1980 when 30 you got the Turing Award. I think it would be useful for the audience to understand 31 just how much you’ve done since that award.
    [Show full text]
  • Obituary Karen Spärck Jones
    Obituary Karen Sp¨arck Jones ∗ John I. Tait University of Sunderland Karen Sparck¨ Jones died peacefully on 4 April 2007 after a number of months battling cancer. Karen was President of the Association for Computation Linguistics in 1994 during a difficult period, and saw through a transitional phase in which a solid basis for the long-term health of the association was established. Karen was an exceptional individual who made very substantial contributions in two separate fields, computational linguistics (CL) and information retrieval (IR), as well as in computing and artificial intelligence more broadly. In IR, her greatest contri- bution was probably her invention (1972) of the concept of inverse document frequency (IDF), in which the importance of terms is weighted according to the proportion of documents in the corpus in which they occur; the intuition being that terms which occur in many documents are poor index terms. This is the partial basis of all weighting schemes adopted by widely used Internet search engines, and will undoubtedly be a lasting contribution to the field. Her primary inspiration and interest was always language, especially language in practical use. Her long involvement with IR arose (as someone who subsisted for an inordinately long time on soft money) by the need to find a new line of research in the aftermath of the ALPAC Report and the subsequent difficulties in getting machine translation work funded. However, she was always well qualified to work in IR, a topic addressed in her very early publications (see, for example, Masterman, Needham, and Sparck¨ Jones 1958), although in a rather different context to her later work.
    [Show full text]
  • 2017 USENIX Vail Computer Elements Workshop
    2017 USENIX Vail Computer Elements Workshop The USENIX Vail Computer Elements Workshop is a unique four day workshop that has been around for 47 years serving leading architects of the computer industry. This intentionally small workshop is intended to allow a lively interaction between the participants and the speakers. The agenda is 100% invited technical talks and the audience is mostly previous speakers. Past keynotes have been Seymour Cray, Gordon Moore, Burton Smith, and Ivan Sutherland. The workshop will be held June 18 - 21, 2017 at the Christiania at Vail. Keynote This year's Keynote will be Rebuilding the Cambridge EDSAC by Andrew Herbert Bio Herbert received his Ph.D. in Computer Science from Cambridge University in 1978 for his work on “A Microprogrammed Operating System Kernel” and worked with Maurice Wilkes and Roger Needham and others on the “Cambridge Model Distributed System”. Later he joined Microsoft Research Cambridge as managing director and chairman of Microsoft Research EMEA. Herbert was appointed Officer of the Order of the British Empire (OBE) in the 2010 New Year Honours, and is a Fellow of the Royal Academy of Engineering. Now in retirement, Herbert is the director of a project to construct a working replica of the Cambridge EDSAC computer. Registration is open here. Preliminary Program Next generation Atom core Intel Nervana - Deep Learning processor Intel Nano-Engineered Computing Systems Technology, or N3XT Stanford IBM Power9 IBM OpenCAPI IBM Ryzen - AMD's new core AMD Intel's 3DNAND and 3DXP storage class
    [Show full text]
  • Original File Was Jvis Final.Tex
    KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS VOL. 14, NO. 2, Feb. 2020 724 Copyright ⓒ 2020 KSII IP Design of Corrected Block TEA Cipher with Variable-Length Message for Smart IoT Hyeopgoo Yeo1, Seungil Sonh1*, Mingoo Kang2 1 Division of Information & Telecommunications, Hanshin University Osan-si, Gyeonggi-do, 18101 - Korea [e-mail: [email protected]] [e-mail: [email protected]] 2 Dept. of IT Contents, Hanshin University Osan-si, Gyeonggi-do, 18101 - Korea [e-mail: kangmg@ hs.ac.kr ] *Corresponding author:Seungil Sonh Received August 14, 2019; revised October 17, 2019; accepted November 12, 2019; published February 29, 2020 Abstract Corrected Block TEA(or XXTEA) is a block cipher designed to correct security weakness in the original block TEA in 1998. In this paper, XXTEA cipher hardware which can encrypt or decrypt between 64-bit and 256-bit messages using 128-bit master key is implemented. Minimum message block size is 64-bit wide and maximal message block size is 256-bit wide. The designed XXTEA can encrypt and decrypt variable-length message blocks which are some arbitrary multiple of 32 bits in message block sizes. XXTEA core of this paper is described using Verilog-HDL and downloaded on Vertex4. The operation frequency is 177MHz. The maximum throughput for 64-bit message blocks is 174Mbps and that of 256-bit message blocks is 467Mbps. The cryptographic IP of this paper is applicable as security module of the mobile areas such as smart card, internet banking, e-commerce and IoT. Keywords: Corrected Block TEA(XXTEA), Symmetric Block Cipher, Encryption, Decryption This research was supported by a research grant from Hanshin Unersity.
    [Show full text]
  • Professor Sir Tony Hoare Interviewed by Dr
    IN PARTNERSHIP WITH NATIONAL LIFE STORIES AN ORAL HISTORY OF BRITISH SCIENCE Professor Sir Tony Hoare Interviewed by Dr Thomas Lean C1379/52 © The British Library Board http://sounds.bl.uk This interview and transcript is accessible via http://sounds.bl.uk . © The British Library Board. Please refer to the Oral History curators at the British Library prior to any publication or broadcast from this document. Oral History The British Library 96 Euston Road London NW1 2DB United Kingdom +44 (0)20 7412 7404 [email protected] Every effort is made to ensure the accuracy of this transcript, however no transcript is an exact translation of the spoken word, and this document is intended to be a guide to the original recording, not replace it. Should you find any errors please inform the Oral History curators. © The British Library Board http://sounds.bl.uk The British Library National Life Stories Interview Summary Sheet Title Page Ref no: C1379/52 Collection title: An Oral History of British Science Interviewee’s Hoare Title: Professor Sir surname: Interviewee’s Tony Sex: Male forename: (Charles Anthony Richard) Occupation: Computer scientist Date and place of birth: Mother’s Father’s occupation: Colonial civil servant occupation: Dates of recording, Compact flash cards used, tracks (from – to): 17/05/2011 (1-3), 08/09/2011 (4-6), 12/10/2011 (7-8), 12/12/2011 (9-10), 09/01/2012 (11- 13),27/02/2012 (14-15) Location of Interviewee’s home, Cambridge. interview: Name of Thomas Lean interviewer: Type of recorder: Marantz PMD661 on secure digital Recording format : WAV 24 bit 48 kHz Total no.
    [Show full text]
  • A Secure and Efficient Lightweight Symmetric Encryption Scheme For
    S S symmetry Article A Secure and Efficient Lightweight Symmetric Encryption Scheme for Transfer of Text Files between Embedded IoT Devices Sreeja Rajesh 1, Varghese Paul 2, Varun G. Menon 3,* and Mohammad R. Khosravi 4 1 Department of Computer Science, Bharathiar University, Coimbatore 641046, Tamil Nadu, India; [email protected] 2 Department of Information Technology, Cochin University of Science and Technology, Ernakulam 682022, Kerala, India; [email protected] 3 Department of Computer Science and Engineering, SCMS School of Engineering and Technology, Ernakulam 683582, Kerala, India 4 Department of Electrical and Electronic Engineering, Shiraz University of Technology, Shiraz 71555-313, Iran; [email protected] * Correspondence: [email protected]; Tel.: +918714504684 Received: 29 January 2019; Accepted: 20 February 2019; Published: 24 February 2019 Abstract: Recent advancements in wireless technology have created an exponential rise in the number of connected devices leading to the internet of things (IoT) revolution. Large amounts of data are captured, processed and transmitted through the network by these embedded devices. Security of the transmitted data is a major area of concern in IoT networks. Numerous encryption algorithms have been proposed in these years to ensure security of transmitted data through the IoT network. Tiny encryption algorithm (TEA) is the most attractive among all, with its lower memory utilization and ease of implementation on both hardware and software scales. But one of the major issues of TEA and its numerous developed versions is the usage of the same key through all rounds of encryption, which yields a reduced security evident from the avalanche effect of the algorithm.
    [Show full text]
  • Information Technology 1 and 2
    OCCASION This publication has been made available to the public on the occasion of the 50th anniversary of the United Nations Industrial Development Organisation. DISCLAIMER This document has been produced without formal United Nations editing. The designations employed and the presentation of the material in this document do not imply the expression of any opinion whatsoever on the part of the Secretariat of the United Nations Industrial Development Organization (UNIDO) concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries, or its economic system or degree of development. Designations such as “developed”, “industrialized” and “developing” are intended for statistical convenience and do not necessarily express a judgment about the stage reached by a particular country or area in the development process. Mention of firm names or commercial products does not constitute an endorsement by UNIDO. FAIR USE POLICY Any part of this publication may be quoted and referenced for educational and research purposes without additional permission from UNIDO. However, those who make use of quoting and referencing this publication are requested to follow the Fair Use Policy of giving due credit to UNIDO. CONTACT Please contact [email protected] for further information concerning UNIDO publications. For more information about UNIDO, please visit us at www.unido.org UNITED NATIONS INDUSTRIAL DEVELOPMENT ORGANIZATION Vienna International Centre, P.O. Box 300, 1400 Vienna, Austria Tel: (+43-1) 26026-0 · www.unido.org · [email protected] (vJ, fOp. ZL 114 EMERGING TECHNOLOGY SERIES 1and2/1998 Info1mation Technology ~~ UNITED •NATIONS INDUSTRIAL DEVEWPMENT ORGANIZATION Vienna, 1998 TO OUR READERS I EMERGING I TECHNOLOGY .
    [Show full text]
  • CS 261 Scribe Notes Crypto Protocols
    CS 261 Scribe Notes Crypto Protocols Instructor: Prof. David Wagner Scribe: Mayank April 16, 2021 1. Designing Cryptographic Protocols Back in the 90’s, there was a lot of research focus on designing secure cryptographic protocols. However, many of these proposals were rife with security flaws, even when the proposed algorithms were as simple as five lines of interactions between principals. To address this problem, in 1996, Martin Abadi and Roger Needham decide to write a paper [1] outlining fundamental principles whose adherence would potentially lead to more robust protocols avoiding the most common failures. A natural question to ask here is how relevant are the principles laid out by them in [1] today. It is quite reasonable to believe that these principles aren’t as relevant today as they were a few years ago; we use standard well-vetted protocols today and rarely design our own cryptographic protocols from scratch. In addition, unlike the 90’s when the only available building blocks in designing protocols were encryption and signatures, we have more powerful primitives today which make it much easier to design robust protocols. Some of these primitives include: 1. Point-to-point secure channels. Standard protocols like SSL can be used for this. 2. Sealed data or authenticated encryption for securely storing data. 2. Notation We use A ! B : m to mean that A sends the message m to B, where A; B are principals (a.k.a parties) involved in the interaction. fmgK denotes that m is encrypted with the key −1 K. [m]K−1 denotes that m is signed with the key K .
    [Show full text]
  • Your Magazine from the British Ecological Society
    The BulletinYOUR MAGAZINE FROM THE BRITISH ECOLOGICAL SOCIETY BES BULLETIN VOLin 44:4FOCUS / DECEMBER 2013 Photo: Danielle Green Danielle’s photo of Mark Browne apparently ‘taking a closer look’ at the mud of County Donegal appealed to the judging panel for the BES photocompetition. There are more images from the competition on p37 onwards. 2 Contents December 2014 OFFICERS AND COUNCIL FOR THE YEAR 2012-3 REGULARS President: Bill Sutherland Welcome / Alan Crowden 4 Past-President: Georgina Mace Vice-Presidents: Richard Bardgett, President’s Piece / W. J. Sutherland 5 Mick Crawley Honorary Treasurer: Drew Purves Ecology Education and Careers / Karen Devine and Christina Ravinet 25 Council Secretary: Dave Hodgson Honorary Chairpersons: Science Policy Andrew Beckerman (Meetings) Holyrood Batman! – The BES’s day in the Scottish Parliament / Rob Brooker 24 Alan Gray (Publications) Lesley Batty (Education, Training Society News 34 and Careers) Juliet Vickery (Public and Policy) Special Interest Group News 41 Richard Bardgett (Grants) ORDINARY MEMBERS Letters to the Editor 50 OF COUNCIL: Retiring Of Interest to Members 51 Emma Goldberg, 2014 William Gosling, Ruth Mitchell The Chartered Institute of Ecology and Environmental Management / Sally Hayns 72 Julia Blanchard, 2015 Greg Hurst, Paul Raven Publishing News: BES Publications Data Archiving Policy / Liz Baker 74 Emma Sayer, Owen Lewis, 2016 Matt O’Callaghan Book Reviews 81 Diana Gilbert, Jane Hill, 2017 Diary 92 Joanna Randall Bulletin Editor: Alan Crowden 48 Thornton Close, Girton, FEATURES
    [Show full text]
  • A Logic of Authentication
    A Logic of Authentication MICHAEL BURROWS and MARTIN ABADI Digital Equipment Corporation and ROGER NEEDHAM University of Cambridge Computer Laboratory Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication. We have been able to explain a variety of authentication protocols formally, to discover subtleties and errors in them, and to suggest improvements. In this paper we present the logic and then give the results of our analysis of four published protocols, chosen either because of their practical importance or because they serve to illustrate our method. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General- security and protection; C.2.2 [Computer-Communication Networks]: Network Protocols-pro- tocol uerification; D.4.6 [Operating Systems]: Security and Protection-authentication; crypto- graphic controls; uerification; E.3 [Data]: Data Encryption-public key cryptosystems; F.3.1 [Logics and Meanings of Programs]: Specifying and Verifying and Reasoning about Programs General Terms: Security, Theory, Verification Additional Key Words and Phrases: Authentication protocols, cryptographic protocol, key distribution protocols, logics of knowledge and belief, Needham-Schroeder, X.509 1. INTRODUCTION Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly [X5].
    [Show full text]