Computational Soundness Results for Stateful Applied π Calculus

In recent years, many researches have been done to establish symbolic models of stateful protocols. Two works among them, the SAPIC tool and StatVerif tool, provide a high-level specification language and an automated analysis. Their language, the stateful applied $$\pi $$π calculus, is extended from the applied $$\pi $$π calculus by defining explicit state constructs. Symbolic abstractions of cryptography used in it make the analysis amenable to automation. However, this might overlook the attacks based on the algebraic properties of the cryptographic algorithms. In our paper, we establish the computational soundness results for stateful applied $$\pi $$π calculus used in SAPIC tool and StatVerif tool. In our approach, we build our results on the CoSP framework. For SAPIC, we embed the non-monotonic protocol states into the CoSP protocols, and prove that the resulting CoSP protocols are efficient. Through the embedding, we provide the computational soundness result for SAPIC by Theoremi¾?1. For StatVerif, we encode the StatVerif process into a subset of SAPIC process, and obtain the computational soundness result for StatVerif by Theoremi¾?2. Our encoding shows the differences between the semantics of the two languages. Our work inherits the modularity of CoSP, which allows for easily extending the proofs to specific cryptographic primitives. Thus we establish a computationally sound automated verification result for the input languages of SAPIC and StatVerif that use public-key encryption and signatures by Theoremi¾?3.

[1]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[2]  Sebastian Mödersheim Abstraction by set-membership: verifying security protocols and web services with databases , 2010, CCS '10.

[3]  Michael Backes,et al.  Computationally sound verification of source code , 2010, CCS '10.

[4]  Michael Backes,et al.  Computational Soundness of Symbolic Zero-knowledge Proofs: Weaker Assumptions and Mechanized Verification , 2013, IACR Cryptol. ePrint Arch..

[5]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2000, Journal of Cryptology.

[6]  Bogdan Warinschi,et al.  Soundness of Formal Encryption in the Presence of Active Adversaries , 2004, TCC.

[7]  Michael Backes,et al.  Computational soundness without protocol restrictions , 2012, IACR Cryptol. ePrint Arch..

[8]  José Meseguer,et al.  Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties , 2009, FOSAD.

[9]  Véronique Cortier,et al.  Deduction soundness: prove one, get five for free , 2013, CCS.

[10]  Robert Künnemann,et al.  Automated Analysis of Security Protocols with Global State , 2014, 2014 IEEE Symposium on Security and Privacy.

[11]  Véronique Cortier,et al.  Computationally Sound, Automated Proofs for Security Protocols , 2005, ESOP.

[12]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[13]  Graham Steel,et al.  Formal Analysis of Protocols Based on TPM State Registers , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[14]  Véronique Cortier,et al.  A composable computational soundness notion , 2011, CCS '11.

[15]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[16]  Mark Ryan,et al.  Stateful Applied Pi Calculus , 2014, POST.

[17]  Mark Ryan,et al.  StatVerif: Verification of Stateful Processes , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[18]  Michael Backes,et al.  CoSP: a general framework for computational soundness proofs , 2009, CCS.

[19]  Véronique Cortier,et al.  Computationally Sound Symbolic Secrecy in the Presence of Hash Functions , 2006, FSTTCS.

[20]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[21]  David A. Basin,et al.  Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[22]  Michael Backes,et al.  Computational Soundness Results for ProVerif - Bridging the Gap from Trace Properties to Uniformity , 2014, POST.

[23]  Joshua D. Guttman State and Progress in Strand Spaces: Proving Fair Exchange , 2010, Journal of Automated Reasoning.

[24]  Oded Goldreich,et al.  On the security of multi-party ping-pong protocols , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[25]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[26]  Yassine Lakhnech,et al.  Completing the Picture: Soundness of Formal Encryption in the Presence of Active Adversaries , 2005, ESOP.