Computationally sound implementations of equational theories against passive adversaries

In this paper we study the link between formal and cryptographic models for security protocols in the presence of passive adversaries. In contrast to other works, we do not consider a fixed set of primitives but aim at results for arbitrary equational theories. We define a framework for comparing a cryptographic implementation and its idealization with respect to various security notions. In particular, we concentrate on the computational soundness of static equivalence, a standard tool in cryptographic pi calculi. We present a soundness criterion, which for many theories is not only sufficient but also necessary. Finally, to illustrate our framework, we establish the soundness of static equivalence for the exclusive OR and a theory of ciphers and lists.
