0Pricing
Cryptology Academy · Lesson

Principles of Secure Protocol Design

Apply Abadi-Needham principles, freshness, and authentication goals to design protocols that resist known attacks.

The Dolev-Yao Adversary Model

Secure protocol design assumes an adversary who completely controls the network. The Dolev-Yao model (1983) specifies: the adversary can intercept, read, delay, replay, delete, and modify any message in transit. The adversary can generate messages indistinguishable from honest parties. The adversary can compose new messages from known message components. The adversary cannot break cryptographic primitives (decrypt without the key, forge signatures). Crucially, the adversary is computationally bounded — polynomial-time — but controls all communication channels. Protocol security means achieving authentication and secrecy goals even against this powerful adversary, relying only on the computational hardness of the underlying primitives.

Abadi-Needham Principles

Abadi and Needham (1994) distilled practical protocol design lessons into a set of principles. (1) Every message should say what it means: the interpretation of a message should be self-contained, not dependent on context. (2) Conditions for a principal to take action should be explicitly stated in the protocol. (3) If the identity of a principal is important, it should be explicitly stated in the message. (4) Be clear about why encryption is used: encryption provides confidentiality, signing provides authentication — do not use encryption as a substitute for signing. (5) A message should be encrypted at the protocol layer where its secrecy is needed. These principles prevented many of the NS-type flaws.

All lessons in this course

  1. The Needham-Schroeder Protocol and Attacks
  2. Station-to-Station Protocol (STS)
  3. The Noise Protocol Framework
  4. Principles of Secure Protocol Design
← Back to Cryptology Academy