Formal requirements for key distribution protocols

Abstract. We discuss generic formal requirements for reasoning about two party key distribution protocols, using a language developed for specifying security requirements for security protocols. Typically earlier work has considered formal analysis of already developed protocols. Our goal is to present sets of formal requirements for various contexts which can be applied at the design stage as well as to existing protocols. We use a protocol analysis tool we have developed to determine whether or not a speci c protocol has met some of the requirements we speci ed. We show how this process uncovered a aw in the protocol and helped us re ne our requirements.