Secrecy by witness-functions under equational theories

In this paper, we use witness-functions to analyze cryptographic protocols for secrecy under nonempty equational theories. Witness-functions are safe metrics used to compute security. An analysis with a witness-function consists of making sure that the security of every atomic message does not decrease during its lifecycle in the protocol. The analysis becomes more difficult under nonempty equational theories, because the intruder can take advantage of the algebraic properties of the cryptographic primitives to derive secrets. These properties arise from the use of mathematical functions, such as multiplication, addition, exclusive-or, or modular exponentiation, in the cryptosystems and the protocols. Here, we show how to use witness-functions under nonempty equational theories and we run an analysis on the Needham-Schroeder-Lowe protocol under the cipher homomorphism. This analysis reveals that although this protocol is proved secure under the perfect encryption assumption, its security collapses under homomorphic primitives. We show how the witness-functions help to illustrate an attack scenario on it and we propose an amended version to fix it.
