Extending BAN logic for reasoning with modern PKI-based protocols

Abstract

BAN Logic is a well-known authentication logic which, despite other more recent logics and formal methods, remains popular with many protocol designers. BAN Logic however does not properly deal with the issues of certificates and the use of Public Key Infrastructure (PKI). This paper proposes an extension to BAN Logic which focuses on certificate processing within the PKI setting. Our extension is along the lines of the work by Gaarder and Snekkenes but better captures current aspects of PKI. In particular, our extension redresses the reasoning on the goodness of private keys, and considers certificate revocation. Common pitfalls in public-key based protocol design are due to insufficient attention placed on the "intended recipient" as well as the "stated sender" of a message. Our extension makes the recipient and sender explicit, which reduces the likelihood of introducing such flaws into the protocol and its subsequent proof using BAN Logic. In summary, our logic is primarily focused on making BAN Logic more concise yet practical to use on PKI-based protocols. © 2008 IEEE.