Secrecy Despite Compromise: Types, Cryptography, and the Pi-Calculus

A realistic threat model for cryptographic protocols or for language-based security should include a dynamically growing population of principals (or security levels), some of which may be compromised, that is, come under the control of the adversary. We explore such a threat model within a pi-calculus. A new process construct records the ordering between security levels, including the possibility of compromise. Another expresses the expectation of conditional secrecy of a message: that a particular message is unknown to the adversary unless particular levels are compromised. Our main technical contribution is the first system of secrecy types for a process calculus to support multiple, dynamically generated security levels, together with the controlled compromise or downgrading of security levels. A series of examples illustrates the effectiveness of the type system in proving secrecy of messages, including dynamically generated messages. It also demonstrates the improvement over prior work obtained by including a security ordering in the type system. Perhaps surprisingly, the soundness proof for our type system for symbolic cryptography is via a simple translation into a core typed pi-calculus, with no need to take symbolic cryptography as primitive.
