Security protocol notation

In cryptography, security (engineering) protocol notation is a way of expressing a protocol of correspondence between entities of a dynamic system, such as a computer network. In the context of a formal model, it allows reasoning about the properties of such a system.

The standard notation consists of a set of individuals (traditionally named Alice, Bob, Charlie, and so on) who wish to communicate. They may have access to a server S, shared keys K, timestamps T, and can generate nonces N for authentication purposes.

A simple example might be the following:

A\rightarrow B:\{X_{1}\}_{K_{AB}}

This states that Alice intends a message for Bob consisting of a plaintext $X_{1}$ encrypted under shared key K_AB.

Another example might be the following:

B\rightarrow A:\{N_{B}\}_{PK(A)}

This states that Bob intends a message for Alice consisting of a nonce encrypted using public key of Alice.

A key with two subscripts is a symmetric key shared by the two corresponding individuals. A key with one subscript is the public key of the corresponding individual. A private key is represented as the inverse of the public key.

The notation specifies only the operation and not its semantics — for instance, private key encryption and signature are represented identically.

We can express more complicated protocols in such a fashion. See Kerberos as an example. Some sources refer to this notation as Kerberos Notation.^[1] Some authors consider the notation used by Steiner, Neuman, & Schiller^[2] as a notable reference. ^[3]

Several models exist to reason about security protocols in this way, one of which is BAN logic.

References

^ Chappell, David (1999). "Exploring Kerberos, the Protocol for Distributed Security in Windows 2000". Microsoft Systems Journal.
^ Steiner, J. G. (1988). "Kerberos: An Authentication Service for Open Network Systems" (PDF). Proceedings of the Winter 1988 Usenix Conference. Usenix. Berkeley, CA: USENIX Association. pp. 191–201. Retrieved 2009-06-10. {{cite conference}}: Unknown parameter |booktitle= ignored (|book-title= suggested) (help); Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)
^ Davis, Don; Swick, Ralph (1989-03-17). Workstation Services and Kerberos Authentication at Project Athena (PS). p. 1. Retrieved 2009-06-10. …our notation follows Steiner, Neuman, & Schiller,…{{cite book}}: CS1 maint: multiple names: authors list (link)

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

[1] Chappell, David (1999). "Exploring Kerberos, the Protocol for Distributed Security in Windows 2000". Microsoft Systems Journal.

[2] Steiner, J. G. (1988). "Kerberos: An Authentication Service for Open Network Systems" (PDF). Proceedings of the Winter 1988 Usenix Conference. Usenix. Berkeley, CA: USENIX Association. pp. 191–201. Retrieved 2009-06-10. {{cite conference}}: Unknown parameter |booktitle= ignored (|book-title= suggested) (help); Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)

[3] Davis, Don; Swick, Ralph (1989-03-17). Workstation Services and Kerberos Authentication at Project Athena (PS). p. 1. Retrieved 2009-06-10. …our notation follows Steiner, Neuman, & Schiller,…{{cite book}}: CS1 maint: multiple names: authors list (link)

[1]

[2]

[3]