Models for Cryptographic Protocol Analysis

Formal models for security protocols often rely on assumptions that are not found in computational models. The first is the perfect encryption assumption: encrypted data cannot be manipulated in any way unless the decryption key is known. Another common one is the free algebra assumption: only a few cryptographic primitives are considered in the model, and these must form a free algebra. We study these assumptions and relax them to define more general models. We then define static analysis techniques for verifying that protocols are secure in our models.
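The two assumptions can be seen at work in a small symbolic attacker, given here as an added example that is not taken from the work itself. The term encoding (strings for atoms, `("pair", a, b)`, `("enc", message, key)`), the function names and the message trace are all assumptions made for illustration.

```python
# Added illustration: a minimal symbolic attacker over a free term algebra.
# Atoms are strings; compound terms are ("pair", a, b) or ("enc", msg, key).
# Free algebra: two terms are equal only if they are syntactically identical,
# which is exactly what Python tuple equality gives us.

def synth(term, known):
    """Can the attacker build `term` from `known` by pairing and encrypting?"""
    if term in known:
        return True
    if isinstance(term, tuple) and term[0] in ("pair", "enc"):
        return synth(term[1], known) and synth(term[2], known)
    return False

def analyze(observed):
    """Saturate attacker knowledge by taking observed terms apart."""
    known = set(observed)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            if t[0] == "pair":
                parts = {t[1], t[2]}
            elif t[0] == "enc" and synth(t[2], known):
                # Perfect encryption: the plaintext is released only when
                # the attacker can produce the key. No other rule applies.
                parts = {t[1]}
            else:
                parts = set()
            if not parts <= known:
                known |= parts
                changed = True
    return known

def derivable(term, observed):
    """True if `term` is deducible from the observed messages."""
    return synth(term, analyze(observed))

# Constructed trace: a session key wrapped under a long-term key, and a
# payload encrypted under that session key.
TRACE = [
    ("enc", ("pair", "na", "secret"), "kab"),
    ("enc", "kab", "kas"),
    "na",
]
```

With this trace `"secret"` is not derivable, but it becomes derivable as soon as `"kas"` is added to the attacker's knowledge. A relaxed model of the kind the abstract describes would add deduction rules or term equalities that this function deliberately lacks.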
