Mechanized Network Origin and Path Authenticity Proofs

A secure routing infrastructure is vital for secure and reliable Internet services. Source authentication and path validation are two fundamental primitives for building a more secure and reliable Internet. Although several protocols have been proposed to implement these primitives, they have not been formally analyzed for their security guarantees. In this paper, we apply proof techniques for verifying cryptographic protocols (e.g., key exchange protocols) to analyzing network protocols. We encode LS2, a program logic for reasoning about programs that execute in an adversarial environment, in Coq. We also encode protocol-specific data structures, predicates, and axioms. To analyze a source-routing protocol that uses chained MACs to provide origin and path validation, we construct Coq proofs to show that the protocol satisfies its desired properties. To the best of our knowledge, we are the first to formalize origin and path authenticity properties, and mechanize proofs that chained MACs can provide the desired authenticity properties.

[1]  Jonathan K. Millen,et al.  The Interrogator: Protocol Secuity Analysis , 1987, IEEE Transactions on Software Engineering.

[2]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[3]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[4]  Adrian Perrig,et al.  SNAPP: stateless network-authenticated path pinning , 2008, ASIACCS '08.

[5]  Lars Birkedal,et al.  Ynot: dependent types for imperative programs , 2008, ICFP 2008.

[6]  Martín Abadi,et al.  Secrecy by typing in security protocols , 1999, JACM.

[7]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[8]  Mathieu Turuani,et al.  The CL-Atse Protocol Analyser , 2006, RTA.

[9]  Véronique Cortier,et al.  Deciding Security for Protocols with Recursive Tests , 2011, CADE.

[10]  Dilsun Kirli Kaynar,et al.  Compositional System Security with Interface-Confined Adversaries , 2010, MFPS.

[11]  Alessandro Armando,et al.  SATMC: a SAT-based model checker for security protocols, business processes, and security APIs , 2004, International Journal on Software Tools for Technology Transfer.

[12]  Andrew D. Gordon,et al.  Modular verification of security protocol code by typing , 2010, POPL '10.

[13]  Xin Zhang,et al.  SCION: Scalability, Control, and Isolation on Next-Generation Networks , 2011, 2011 IEEE Symposium on Security and Privacy.

[14]  Véronique Cortier,et al.  Modeling and Verifying Ad Hoc Routing Protocols , 2010, CSF.

[15]  José Meseguer,et al.  A rewriting-based inference system for the NRL protocol analyzer: grammar generation , 2005, FMSE '05.

[16]  Aleksandar Nanevski,et al.  Ynot : Reasoning with the Awkward Squad , 2008 .

[17]  Ralf Küsters,et al.  Automata-Based Analysis of Recursive Cryptographic Protocols , 2004, STACS.

[18]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[19]  John C. Mitchell,et al.  Protocol Composition Logic (PCL) , 2007, Computation, Meaning, and Logic.

[20]  Evangelos Kranakis,et al.  Pretty Secure BGP, psBGP , 2005, NDSS.

[21]  Alexander K. Petrenko,et al.  Electronic Notes in Theoretical Computer Science , 2009 .

[22]  Thomas Genet,et al.  Rewriting for Cryptographic Protocol Verification , 2000, CADE.

[23]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[24]  Srdjan Capkun,et al.  Formal Reasoning about Physical Properties of Security Protocols , 2011, TSEC.

[25]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..

[26]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[27]  Dawn Xiaodong Song,et al.  Athena: A Novel Approach to Efficient Automatic Security Protocol Analysis , 2001, J. Comput. Secur..

[28]  Somesh Jha,et al.  Verifying security protocols with Brutus , 2000, TSEM.

[29]  David A. Basin Lazy Infinite-State Analysis of Security Protocols , 1999, CQRE.

[30]  Sebastian Mödersheim,et al.  OFMC: A symbolic model checker for security protocols , 2005, International Journal of Information Security.

[31]  Yassine Lakhnech,et al.  HERMES: An Automatic Tool for Verification of Secrecy in Security Protocols , 2003, CAV.

[32]  Xin Liu,et al.  Passport: Secure and Adoptable Source Authentication , 2008, NSDI.

[33]  Bobby Bhattacharjee,et al.  Accountability as a Service , 2007, SRUTI.

[34]  Juan Chen,et al.  Secure distributed programming with value-dependent types , 2013, J. Funct. Program..

[35]  Michael Walfish,et al.  Verifying and enforcing network paths with icing , 2011, CoNEXT '11.

[36]  Andrew D. Gordon,et al.  Refinement Types for Secure Implementations , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[37]  Chen Chen,et al.  Reduction-based security analysis of Internet routing protocols , 2012, 2012 20th IEEE International Conference on Network Protocols (ICNP).

[38]  Hao Xu,et al.  A Program Logic for Verifying Secure Routing Protocols , 2014, FORTE.

[39]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[40]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[41]  Patrick D. McDaniel,et al.  A Survey of BGP Security Issues and Solutions , 2010, Proceedings of the IEEE.

[42]  Dilsun Kirli Kaynar,et al.  A Logic of Secure Systems and its Application to Trusted Computing , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[43]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[44]  Jean-Pierre Seifert,et al.  Secrecy Analysis in Protocol Composition Logic , 2006, ASIAN.

[45]  Luca Viganò,et al.  Automated Security Protocol Analysis With the AVISPA Tool , 2006, MFPS.

[46]  John C. Mitchell,et al.  A Security Evaluation of DNSSEC with NSEC3 , 2010, NDSS.

[47]  Andrew D. Gordon,et al.  Authenticity by typing for security protocols , 2003 .

[48]  Véronique Cortier,et al.  Analysing Routing Protocols: Four Nodes Topologies Are Sufficient , 2012, POST.

[49]  Yih-Chun Hu,et al.  Lightweight source authentication and path validation , 2015, SIGCOMM 2015.

[50]  Anupam Datta,et al.  Compositional System Security in the Presence of Interface-Confined Adversaries (CMU-CyLab-10-004) , 2010 .