A simple framework for real-time cryptographic protocol analysis with compositional proof rules

A real-time process algebra, enhanced with specific constructs for handling cryptographic primitives, is proposed to model cryptographic protocols in a simple way. We show that some security properties, such as authentication and secrecy, can be re-formulated in this timed setting. Moreover, we show that they can be seen as suitable instances of a general information flow-like scheme, called timed generalized non-deducibility on compositions (tGNDC), parametric w.r.t. the observational semantics of interest. We show that, when considering timed trace semantics. there exists a most powerful hostile environment (or enemy) that can try to compromise the protocol. Moreover, we present a couple of compositionality results for tGNDC, one of which is time dependent, and show their usefulness by means of a case study.

[1]  Roberto Gorrieri,et al.  Non Interference for the Analysis of Cryptographic Protocols , 2000, ICALP.

[2]  Roberto Gorrieri,et al.  Secrecy in Security Protocols as Non Interference , 1999, Workshop on Secure Architectures and Information Flow.

[3]  Gavin Lowe,et al.  Analysing a stream authentication protocol using model checking , 2002, International Journal of Information Security.

[4]  Irek Ulidowski,et al.  Extending Process Languages with Time , 1997, AMAST.

[5]  Joshua D. Guttman,et al.  Protocol independence through disjoint encryption , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[6]  Neil Evans,et al.  Analysing Time Dependent Security Properties in CSP Using PVS , 2000, ESORICS.

[7]  Roberto Gorrieri,et al.  Real-time information flow analysis , 2003, IEEE J. Sel. Areas Commun..

[8]  Fabio Martinelli,et al.  A Uniform Approach for the Definition of Security Properties , 1999, World Congress on Formal Methods.

[9]  Roberto Gorrieri,et al.  A Taxonomy of Security Properties for Process Algebras , 1995, J. Comput. Secur..

[10]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[11]  Roberto Gorrieri,et al.  A Simple Language for Real-Time Cryptographic Protocol Analysis , 2003, ESOP.

[12]  Roberto Gorrieri,et al.  A Classification of Security Properties , 1993 .

[13]  Roberto Gorrieri,et al.  A comparison of three authentication properties , 2003, Theor. Comput. Sci..

[14]  Daniele Gorla,et al.  On Compositional Reasoning in the Spi-calculus , 2002, FoSSaCS.

[15]  Nicoletta De Francesco,et al.  Authenticity in a reliable protocol for mobile computing , 2003, SAC '03.

[16]  Robin Milner,et al.  Communication and concurrency , 1989, PHI Series in computer science.

[17]  N. Meyers,et al.  H = W. , 1964, Proceedings of the National Academy of Sciences of the United States of America.

[18]  Peter Y. A. Ryan,et al.  Modelling and analysis of security protocols , 2001 .

[19]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[20]  Jan Friso Groote,et al.  Transition System Specifications with Negative Premises , 1993, Theor. Comput. Sci..

[21]  Fabio Martinelli,et al.  Compositional Verification of Secure Streamed Data: A Case Study with EMSS , 2003, ICTCS.

[22]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[23]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, CRYPTO.

[24]  Roberto Gorrieri,et al.  Formal Anaylsis of Some Timed Security Properties in Wireless Protocols , 2003, FMOODS.