Soft Constraints for Security Protocol Analysis: Confidentiality

We model any network configuration arising from the execution of a security protocol as a soft constraint satisfaction problem (SCSP). We formalise the protocol goal of confidentiality as a property of the solution for an SCSP, hence confidentiality always holds with a certain security level. The policy SCSP models the network configuration where all admissible protocol sessions have terminated successfully, and an imputable SCSP models a given network configuration. Comparing the solutions of these two problems elicits whether the given configuration hides a confidentiality attack. We can also compare attacks and decide which is the most significant. The approach is demonstrated on the asymmetric Needham-Schroeder protocol.

[1]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[2]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[3]  Francesca Rossi,et al.  Constraint Solving over Semirings , 1995, IJCAI.

[4]  Thomas Schiex,et al.  Semiring-Based CSPs and Valued CSPs: Basic Properties and Comparison , 1995, Over-Constrained Systems.

[5]  Eugene C. Freuder,et al.  Partial Constraint Satisfaction , 1989, IJCAI.

[6]  Jérôme Lang,et al.  Uncertainty in Constraint Satisfaction Problems: a Probalistic Approach , 1993, ECSQARU.

[7]  Lawrence C. Paulson,et al.  Kerberos Version 4: Inductive Analysis of the Secrecy Goals , 1998, ESORICS.

[8]  A. W. Roscoe,et al.  Using CSP to Detect Errors in the TMN Protocol , 1997, IEEE Trans. Software Eng..

[9]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[10]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[11]  Elvinia Riccobene,et al.  Formal Analysis of the Kerberos Authentication System , 1997, J. Univers. Comput. Sci..

[12]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[13]  D. Dubois,et al.  The calculus of fuzzy restrictions as a basis for flexible constraint satisfaction , 1993, [Proceedings 1993] Second IEEE International Conference on Fuzzy Systems.

[14]  Thomas Schiex,et al.  Possibilistic Constraint Satisfaction Problems or "How to Handle Soft Constraints?" , 1992, UAI.

[15]  Thomas Schiex,et al.  Valued Constraint Satisfaction Problems: Hard and Easy Problems , 1995, IJCAI.

[16]  Alan K. Mackworth Constraint Satisfaction , 1985 .

[17]  Dana S. Scott,et al.  Some Domain Theory and Denotational Semantics in Coq , 2009, TPHOLs.

[18]  Z. Ruttkay Fuzzy constraint satisfaction , 1994, Proceedings of 1994 IEEE 3rd International Fuzzy Systems Conference.

[19]  Francesca Rossi,et al.  Semiring-based constraint solving and optimization , 1997 .

[20]  Fabio Massacci,et al.  Formal Verification of Cardholder Registration in SET , 2000, ESORICS.

[21]  Francesca Rossi,et al.  Semiring-based constraint satisfaction and optimization , 1997, JACM.

[22]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[23]  Dana S. Scott,et al.  Concurrent constraint programming languages , 1989 .