Types and effects for asymmetric cryptographic protocols

We present the first type and effect system for proving authenticity properties of security protocols based on asymmetric cryptography. The most significant new features of our type system are: (1) a separation of public types (for data possibly sent to the opponent) from tainted types (for data possibly received from the opponent) via a subtype relation; (2) trust effects, to guarantee that tainted data does not, in fact, originate from the opponent; and (3) challenge/response types to support a variety of idioms used to guarantee message freshness. We illustrate the applicability of our system via protocol examples. This material is based upon work supported by the National Science Foundation under Grant No. 0208549.
