Skip to Main Content
Authentication protocols are the basis of security in networks. Therefore, it is essential to ensure that these protocols function correctly. However, it is difficult to design authentication protocols that are immune to malicious attack, since good analysis techniques are lacking. BAN-like logic is one of the main techniques for analysis of authentication protocols, but protocols idealization is the fatal weakness of it. In this paper, Rubin logic which is a new technique for analyzing security protocols is introduced. Two examples of Rubin logic's applications are given. First example is the Andrew secure RPC protocol using symmetric keys. The second one is the X.509 authentication protocol using asymmetric keys. Not only are the flaws of the protocols got with BAN logic found, but also some previously unknown flaws are found. With the result of the analysis, the new fixes of the two protocols are presented. These are stunning confirmations of the importance of Rubin logic for analyzing protocols.