MoSS: Modular Security Specifications Framework

Applied cryptographic protocols have to meet a rich set of security requirements under diverse environments and against diverse adversaries. However, currently used security specifications, based on either simulation [10,24] (e.g., the 'ideal functionality' in UC) or games [7,26], are monolithic: they combine different aspects of the protocol's requirements, environment and assumptions into a single definition. Such specifications are complex and error-prone, and they foil reusability, modular analysis and incremental design. We present the Modular Security Specifications (MoSS) framework, which cleanly separates each security requirement (goal) that a protocol should achieve from the environment and model (assumptions) under which the requirement should be ensured. This modularity allows us to reuse individual models and requirements across different protocols and tasks, and to compare protocols for the same task, either under different assumptions (models) or satisfying different sets of requirements. MoSS is flexible and extendable; e.g., it can support both asymptotic and concrete definitions of security. We demonstrate the applicability of MoSS to two applications: secure broadcast protocols and PKI schemes.
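The separation the abstract describes (a model capturing the assumed environment and adversary, kept apart from the requirement a protocol must meet) can be made concrete in a small executable sketch. The following Python code is an added illustration, not the paper's formalism or the authors' code: it treats both models and requirements as predicates over an execution transcript, and a protocol satisfies a (model, requirement) pair when no execution admitted by the model violates the requirement. The `Execution` record, the model names (`bounded_corruptions`, `synchronous`), the broadcast requirements (`agreement`, `validity`) and the sample transcripts are all assumptions constructed for this example; the point is that the same requirement can be checked under different models, and the same model reused for different requirements.

```python
"""Toy MoSS-style modular specification check (added illustration, not the paper's formalism).

A model is a predicate over an execution: did the run stay within the assumed
environment (e.g., bounded corruptions, bounded delay)?
A requirement is a predicate over an execution: did the protocol achieve a goal
(e.g., broadcast agreement)?
A protocol satisfies (model, requirement) if every execution admitted by the
model also satisfies the requirement.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

Predicate = Callable[["Execution"], bool]


@dataclass
class Execution:
    """One recorded run of a broadcast protocol (hypothetical transcript format)."""
    parties: Set[str]
    corrupted: Set[str]
    sender: str
    sent: Optional[str]          # message an honest sender broadcast; None if sender is corrupt
    delivered: Dict[str, str]    # receiving party -> message it output
    max_delay: int               # largest message delay observed in the run


# --- Models (assumptions about the environment and adversary) ---------------

def bounded_corruptions(f: int) -> Predicate:
    """Model: the adversary corrupted at most f parties."""
    return lambda ex: len(ex.corrupted) <= f


def synchronous(delta: int) -> Predicate:
    """Model: every message was delivered within delta time units."""
    return lambda ex: ex.max_delay <= delta


def conj(*models: Predicate) -> Predicate:
    """Combine independently written models into one (reuse without rewriting)."""
    return lambda ex: all(m(ex) for m in models)


# --- Requirements (goals the protocol should achieve) -----------------------

def agreement(ex: Execution) -> bool:
    """All honest receivers output the same message."""
    honest_outputs = {m for p, m in ex.delivered.items() if p not in ex.corrupted}
    return len(honest_outputs) <= 1


def validity(ex: Execution) -> bool:
    """If the sender is honest, every honest receiver outputs what it sent."""
    if ex.sender in ex.corrupted:
        return True
    return all(m == ex.sent for p, m in ex.delivered.items() if p not in ex.corrupted)


# --- The specification check ------------------------------------------------

def violations(executions: List[Execution], model: Predicate, requirement: Predicate) -> List[Execution]:
    """Executions admitted by the model in which the requirement fails (empty = satisfied)."""
    return [ex for ex in executions if model(ex) and not requirement(ex)]


# Constructed sample transcripts (not from the paper).
PARTIES = {"A", "B", "C", "D"}
EX_HONEST = Execution(PARTIES, set(), "A", "m", {"B": "m", "C": "m", "D": "m"}, max_delay=1)
EX_SPLIT = Execution(PARTIES, {"A"}, "A", None, {"B": "m", "C": "m2", "D": "m"}, max_delay=1)
EX_TWO_CORRUPT = Execution(PARTIES, {"A", "B"}, "A", None, {"C": "x", "D": "y"}, max_delay=5)
EXECUTIONS = [EX_HONEST, EX_SPLIT, EX_TWO_CORRUPT]


if __name__ == "__main__":
    # Same requirement, two different models: the stronger assumption (no corruptions)
    # hides the agreement failure that the weaker one (one corruption) exposes.
    print(len(violations(EXECUTIONS, bounded_corruptions(0), agreement)))   # 0
    print(len(violations(EXECUTIONS, bounded_corruptions(1), agreement)))   # 1
    # Same model, a different requirement: validity still holds under one corruption.
    print(len(violations(EXECUTIONS, conj(bounded_corruptions(1), synchronous(2)), validity)))  # 0
```

Running the block reports that the sample protocol meets agreement only under the assumption of zero corruptions, while validity holds even with one corrupted party and a delay bound; swapping either the model or the requirement needs no change to the other, which is the reuse and comparison the abstract argues for.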

[1] Birgit Pfitzmann et al. A General Composition Theorem for Secure Reactive Systems. TCC, 2004.

[2] Hugo Krawczyk et al. A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). STOC '98, 1998.

[3] Silvio Micali et al. Probabilistic Encryption. J. Comput. Syst. Sci., 1984.

[4] Ewa Syta et al. When PKI (finally) met Provable Security. 2021.

[5] Arno Fiedler et al. Certificate transparency. Commun. ACM, 2014.

[6] Ran Canetti et al. Universally Composable Security. J. ACM, 2020.

[7] Benjamin Grégoire et al. Computer-Aided Security Proofs for the Working Cryptographer. CRYPTO, 2011.

[8] Amir Herzberg et al. Provable Security for PKI Schemes. IACR Cryptol. ePrint Arch., 2019.

[9] Silvio Micali et al. How to construct random functions. JACM, 1986.

[10] Jörn Müller-Quade et al. Polynomial Runtime and Composability. Journal of Cryptology, 2013.

[11] Mihir Bellare et al. A concrete security treatment of symmetric encryption. Proceedings 38th Annual Symposium on Foundations of Computer Science, 1997.

[12] Mihir Bellare et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs. EUROCRYPT, 2006.

[13] Bruno Blanchet et al. A Computationally Sound Mechanized Prover for Security Protocols. IEEE Transactions on Dependable and Secure Computing, 2008.

[14] Dennis Hofheinz et al. GNUC: A New Universal Composability Framework. Journal of Cryptology, 2015.

[15] Ralf Küsters et al. iUC: Flexible Universal Composability Made Simple. IACR Cryptol. ePrint Arch., 2019.

[16] David A. Basin et al. The TAMARIN Prover for the Symbolic Analysis of Security Protocols. CAV, 2013.

[17] Yehuda Lindell et al. A Simpler Variant of Universally Composable Security for Standard Multiparty Computation. CRYPTO, 2015.

[18] Ran Canetti et al. Universally Composable Authentication and Key-Exchange with Global PKI. Public Key Cryptography, 2016.

[19] Silvio Micali et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput., 1988.

[20] Ralf Küsters et al. The IITM Model: A Simple and Expressive Model for Universal Composability. Journal of Cryptology, 2020.

[21] Mihir Bellare et al. Entity Authentication and Key Distribution. CRYPTO, 1993.

[22] Amir Herzberg et al. The layered games framework for specifications and analysis of security protocols. Int. J. Appl. Cryptogr., 2008.

[23] Ueli Maurer et al. Formalizing Constructive Cryptography using CryptHOL. 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), 2019.

[24] Bryan Parno et al. SoK: Computer-Aided Cryptography. 2021 IEEE Symposium on Security and Privacy (SP), 2021.

[25] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols. Proceedings 2001 IEEE International Conference on Cluster Computing, 2001.

[26] Mihir Bellare et al. The Security of the Cipher Block Chaining Message Authentication Code. J. Comput. Syst. Sci., 2000.

[27] Kenneth G. Paterson et al. Provable Security in the Real World. IEEE Security & Privacy, 2011.

[28] Victor Shoup et al. Sequences of games: a tool for taming complexity in security proofs. IACR Cryptol. ePrint Arch., 2004.

[29] Ueli Maurer et al. Constructive Cryptography - A New Paradigm for Security Definitions and Proofs. TOSCA, 2011.

[30] George Danezis et al. No right to remain silent: Isolating Malicious Mixes. IACR Cryptol. ePrint Arch., 2017.

[31] Douglas Wikström. Simplified Universal Composability Framework. TCC, 2016.