Relating Process Algebras and Multiset Rewriting for Immediate Decryption Protocols

When formalizing security protocols, different specification languages support very different reasoning methodologies, whose results are not directly or easily comparable. Therefore, establishing clear mappings among different frameworks is highly desirable, as it permits various methodologies to cooperate by interpreting theoretical and practical results of one system in another. In this paper, we examine the non-trivial relationship between two general verification frameworks: multiset rewriting (MSR) and a process algebra (PA) inspired by CCS and the π-calculus. Although defining a simple and general bijection between MSR and PA appears difficult, we show that the sublanguages needed to specify a large class of cryptographic protocols (immediate decryption protocols) admit an effective translation that is not only bijective and trace-preserving, but also induces a weak form of bisimulation across the two languages. In particular, the correspondence sketched in this abstract permits transferring several important trace-based properties such as secrecy and many forms of authentication.
