Unguessable Atoms: A Logical Foundation for Security

We show how a type of atoms, which behave like urelements, and a new proposition expressing the independence of a term from an atom can be added to any logical system, subject to minor restrictions on definitions and computations. Working in constructive type theory, we give rules for the independence proposition and show how cryptographic protocols can be modeled as automata exchanging atoms. This model provides a unifying framework for reasoning about security and lets us combine a general model of computation with a simple model of how secret information is acquired. As an application, we prove a fundamental property of nonces that justifies the nonce axioms used in the protocol composition logic (PCL) of Datta, Derek, Mitchell and Roy [14]. The example shows that basic security properties are naturally expressed in terms of independence and the causal ordering of events. The rules and example proofs are fully implemented in the Nuprl proof development system.
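The following is an added, executable sketch of the model the abstract describes; it is not code from the paper or from its Nuprl development. It assumes (my own simplifications) that terms are atoms, strings and tuples; that a protocol run is a list of events in causal order; and that the "minor restriction on computations" is the rule that an automaton may only send atoms it has created or previously received, so every term it sends is independent of every other atom. Under those two well-formedness conditions the nonce property (a received nonce created by someone else was sent by its creator earlier) holds on every trace, and the one trace that violates it is exactly a trace the model rules out.

```python
"""Unguessable atoms, independence, and the nonce property: an illustrative
model written for this page, not the paper's own code.  All names below
(Atom, Event, well_formed, nonce_property, ...) are assumptions of this
example, not identifiers from the Nuprl development."""
from __future__ import annotations
from dataclasses import dataclass
from itertools import count

_fresh = count()


class Atom:
    """An urelement: it has identity but no structure, so no computation
    can build one from other data; it can only be created or received."""

    def __init__(self, label: str) -> None:
        self.label, self.uid = label, next(_fresh)

    def __repr__(self) -> str:
        return f"#{self.label}{self.uid}"


def atoms_of(t) -> frozenset:
    """Atoms occurring anywhere inside a term (Atom | str | tuple)."""
    if isinstance(t, Atom):
        return frozenset({t})
    if isinstance(t, tuple):
        return frozenset().union(*(atoms_of(x) for x in t))
    return frozenset()


def independent(t, a: Atom) -> bool:
    """The independence proposition on closed data terms: t is independent
    of a iff a does not occur in t, i.e. t carries no information about a."""
    return a not in atoms_of(t)


@dataclass(frozen=True)
class Event:
    kind: str   # "new" (create a fresh atom), "send" or "recv"
    who: str    # principal name; the attacker is just another principal
    term: object


def creator(trace: list[Event], a: Atom) -> str | None:
    for ev in trace:
        if ev.kind == "new" and ev.term is a:
            return ev.who
    return None


def known_before(trace: list[Event], who: str, i: int) -> frozenset:
    """Atoms `who` has acquired before event i: created or received."""
    acc = frozenset()
    for ev in trace[:i]:
        if ev.who == who and ev.kind in ("new", "recv"):
            acc |= atoms_of(ev.term)
    return acc


def well_formed(trace: list[Event]) -> bool:
    """The two restrictions assumed here for every automaton, attacker included:
    (1) a sent term only contains atoms the sender created or received earlier
        (no guessing: the term is independent of every other atom), and
    (2) a received term was sent verbatim by someone strictly earlier."""
    for i, ev in enumerate(trace):
        if ev.kind == "send":
            if atoms_of(ev.term) - known_before(trace, ev.who, i):
                return False
        elif ev.kind == "recv":
            if not any(p.kind == "send" and p.term == ev.term for p in trace[:i]):
                return False
    return True


def nonce_property(trace: list[Event]) -> bool:
    """If P receives a term containing an atom a created by Q != P, then Q
    sent a term containing a strictly earlier (the PCL-style nonce axiom)."""
    for i, ev in enumerate(trace):
        if ev.kind != "recv":
            continue
        for a in atoms_of(ev.term):
            q = creator(trace, a)
            if q is None or q == ev.who:
                continue
            if not any(p.kind == "send" and p.who == q and a in atoms_of(p.term)
                       for p in trace[:i]):
                return False
    return True


def honest_trace() -> list[Event]:
    """Constructed run: A sends a fresh nonce to B, E eavesdrops and relays."""
    na = Atom("Na")
    m1, m2 = ("A", "B", na), ("B", "A", na)
    return [Event("new", "A", na), Event("send", "A", m1), Event("recv", "E", m1),
            Event("send", "E", m1), Event("recv", "B", m1), Event("send", "B", m2),
            Event("recv", "A", m2)]


def guessing_trace() -> list[Event]:
    """Constructed run the model excludes: E sends B's nonce without ever
    having received it, so the nonce property fails at A's receive."""
    nb = Atom("Nb")
    return [Event("new", "B", nb), Event("send", "E", ("hello", nb)),
            Event("recv", "A", ("hello", nb))]


if __name__ == "__main__":
    for name, tr in (("honest", honest_trace()), ("guessing", guessing_trace())):
        print(name, "well-formed:", well_formed(tr), "nonce property:", nonce_property(tr))
```

The point of the two traces is the one the abstract makes: the nonce property is not assumed, it is a consequence of independence plus the causal order of events. Any send containing an atom the sender did not create must be preceded by a receive of that atom, and chasing that chain backwards along the trace ends at a send by the creator.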

[1] Saharon Shelah et al. Choiceless Polynomial Time. Ann. Pure Appl. Log., 1997.

[2] Robert L. Constable et al. Types in Logic, Mathematics and Programming. Chapter X of the Handbook of Proof Theory, 1998.

[3] Joshua D. Guttman et al. Strand Spaces: Proving Security Protocols Correct. J. Comput. Secur., 1999.

[4] Joshua D. Guttman et al. Mixed Strand Spaces. Proceedings of the 12th IEEE Computer Security Foundations Workshop, 1999.

[5] Oded Goldreich. Foundations of Cryptography: Index. 2001.

[6] Lawrence C. Paulson et al. Proving Security Protocols Correct. Proceedings of the 14th Symposium on Logic in Computer Science (LICS), 1999.

[7] Mark Bickford et al. A Logic of Events. 2003.

[8] John C. Mitchell et al. Games and the Impossibility of Realizable Ideal Functionality. TCC, 2006.

[9] John C. Mitchell et al. Multiset Rewriting and the Complexity of Bounded Security Protocols. J. Comput. Secur., 2004.

[10] Per Martin-Löf et al. Constructive Mathematics and Computer Programming. 1984.

[11] Lawrence C. Paulson et al. Isabelle/HOL: A Proof Assistant for Higher-Order Logic. 2002.

[12] Jonathan K. Millen et al. Protocol-Independent Secrecy. Proceedings of the 2000 IEEE Symposium on Security and Privacy (S&P), 2000.

[13] Andrew M. Pitts et al. A New Approach to Abstract Syntax with Variable Binding. Formal Aspects of Computing, 2002.

[14] John C. Mitchell et al. Protocol Composition Logic (PCL). Computation, Meaning, and Logic, 2007.

[15] Stuart F. Allen et al. An Abstract Semantics for Atoms in Nuprl. 2006.

[16] Danny Dolev et al. On the Security of Public Key Protocols. 22nd Annual Symposium on Foundations of Computer Science (FOCS), 1981.

[17] Stuart Allen. A Non-Type-Theoretic Definition of Martin-Löf's Types. LICS, 1987.

[18] F. Javier Thayer Fábrega et al. Strand Spaces: Proving Security Protocols Correct. 1999.

[19] Robert L. Constable et al. The Structure of Nuprl's Type Theory. 1997.

[20] Richard E. Overill et al. Foundations of Cryptography: Basic Tools. J. Log. Comput., 2002.

[21] Oded Goldreich. Foundations of Cryptography: Volume 1. 2006.

[22] Oded Goldreich et al. Foundations of Cryptography: List of Figures. 2001.

[23] Catherine A. Meadows et al. Formal Verification of Cryptographic Protocols: A Survey. ASIACRYPT, 1994.

[24] Frank Pfenning et al. System Description: Twelf, A Meta-Logical Framework for Deductive Systems. CADE, 1999.

[25] Samuel R. Buss (ed.). Handbook of Proof Theory. 1998.

[26] Lawrence C. Paulson. The Inductive Approach to Verifying Cryptographic Protocols. J. Comput. Secur., 1998.