{{Short description|Notation for communication protocols}} In cryptography, '''security (engineering) protocol notation''', also known as '''protocol narrations'''<ref>{{cite book|last1=Briais|first1=Sébastien|last2=Nestmann|first2=Uwe|title=Trustworthy Global Computing |chapter=A Formal Semantics for Protocol Narrations |series=Lecture Notes in Computer Science |date=2005|volume=3705|pages=163–181|doi=10.1007/11580850_10|bibcode=2005LNCS.3705..163B|isbn=978-3-540-30007-6|chapter-url=http://sbriais.online.fr/papers/A_Formal_Semantics_For_Protocol_Narrations_TGC05-final.pdf}}</ref> and '''Alice & Bob notation''', is a way of expressing a protocol of correspondence between entities of a dynamic system, such as a computer network. In the context of a formal model, it allows reasoning about the properties of such a system.
The standard notation consists of a set of principals (traditionally named Alice, Bob, Charlie, and so on) who wish to communicate. They may have access to a server S, shared keys K, timestamps T, and can generate nonces N for authentication purposes.
A simple example might be the following:
:<math>A\rightarrow B:\{X\}_{K_{A,B}}</math>
This states that '''A'''lice intends a message for '''B'''ob consisting of a plaintext '''X''' encrypted under shared key '''K<sub>A,B</sub>'''.
Another example might be the following:
:<math>B\rightarrow A:\{N_B\}_{K_A}</math>
This states that '''B'''ob intends a message for '''A'''lice consisting of a '''n'''once '''N<sub>B</sub>''' encrypted using public key of Alice.
A key with two subscripts, '''K<sub>A,B</sub>''', is a symmetric key shared by the two corresponding individuals. A key with one subscript, '''K<sub>A</sub>''', is the public key of the corresponding individual. A private key is represented as the inverse of the public key.
The notation specifies only the operation and not its semantics — for instance, private key encryption and signature are represented identically.
We can express more complicated protocols in such a fashion. See Kerberos as an example. Some sources refer to this notation as ''Kerberos Notation''.<ref> {{ cite journal | last=Chappell | first=David | year=1999 | title=Exploring Kerberos, the Protocol for Distributed Security in Windows 2000 | journal=Microsoft Systems Journal | url=https://www.microsoft.com/msj/0899/kerberos/kerberos.aspx | archive-url=https://web.archive.org/web/20170815043157/https://www.microsoft.com/msj/0899/kerberos/kerberos.aspx | url-status=dead | archive-date=2017-08-15 }}</ref> Some authors consider the notation used by Steiner, Neuman, & Schiller<ref>{{cite conference |last1 = Steiner |first1 = J. G. |last2 = Neuman |first2 = B. C. |last3 = Schiller |first3 = J. I. |date = February 1988 |title = Kerberos: An Authentication Service for Open Network Systems |conference = Usenix |book-title = Proceedings of the Winter 1988 Usenix Conference |publisher = USENIX Association |location = Berkeley, CA |pages = 191–201 |url = http://clifford.neuman.name/publications/1988/198802-Usenix-Kerberos/198802-Usenix-Steiner-Neuman-Schiller-Kerberos.pdf |access-date = 2009-06-10 |archive-date = 2010-08-06 |archive-url = https://web.archive.org/web/20100806141601/http://clifford.neuman.name/publications/1988/198802-Usenix-Kerberos/198802-Usenix-Steiner-Neuman-Schiller-Kerberos.pdf |url-status = dead }}</ref> as a notable reference.<ref> {{cite book |author1=Davis, Don |author2=Swick, Ralph | title=Workstation Services and Kerberos Authentication at Project Athena | date = 1989-03-17 | url = ftp://athena-dist.mit.edu/pub/ATHENA/kerberos/doc/user2user.ps | format = PS | access-date = 2009-06-10 | quote = …our notation follows Steiner, Neuman, & Schiller,… | page = 1 }}</ref>
Several models exist to reason about security protocols in this way, one of which is BAN logic.
Security protocol notation inspired many of the programming languages used in choreographic programming.
== References == <references />
Category:Cryptography
{{crypto-stub}}