Achieving Security Despite Compromise Using Zero-knowledge

One of the important challenges when designing and analyzing cryptographic protocols is the enforcement of security properties in the presence of compromised participants. This paper presents a general technique for strengthening cryptographic protocols in order to satisfy authorization policies despite participant compromise. The central idea is to automatically transform the original cryptographic protocols by adding non-interactive zero-knowledge proofs. Each participant proves that the messages sent to the other participants are generated in accordance with the protocol. The zero-knowledge proofs are forwarded to ensure the correct behavior of all participants involved in the protocol, without revealing any secret data. We use an enhanced type system for zero-knowledge to verify that the transformed protocols conform to their authorization policy even if some participants are compromised. Finally, we developed a tool that automatically generates ML implementations of protocols based on zero-knowledge proofs. The protocol transformation, the verification, and the generation of protocol implementations are fully automated.
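The following is an added illustration, not code from the paper or its tool, of the mechanism the abstract describes: a participant attaches to each protocol message a non-interactive zero-knowledge proof that the message was generated according to the protocol, the proof is forwarded along with the message, and any downstream participant can check it without learning the sender's secret. It assumes a Schnorr-style proof of knowledge made non-interactive with the Fiat-Shamir transform (the abstract does not name the proof system used), a small constructed group, and Python rather than the ML the paper's tool emits; the function names are hypothetical.

```python
# Added example (not the paper's code): Schnorr proof of knowledge of x in
# y = g^x, made non-interactive with Fiat-Shamir. It models the paper's NIZK
# annotation: each message carries a proof that it was built per protocol,
# bound to the session context, and forwarded proofs are re-checked downstream.
import hashlib
import secrets

# Constructed toy parameters: p = 2q+1 is a safe prime, g = 4 has order q.
P = 2039
Q = 1019
G = 4

def challenge(*parts):
    """Fiat-Shamir challenge: hash the transcript so far, reduce modulo q."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(secret, context):
    """Return the message y = g^secret plus a NIZK that the sender knows secret."""
    y = pow(G, secret, P)
    r = secrets.randbelow(Q - 1) + 1          # fresh nonce in [1, q-1]
    t = pow(G, r, P)                          # commitment
    c = challenge(P, Q, G, y, t, context)     # challenge bound to y, t, context
    s = (r + c * secret) % Q                  # response; hides secret under r
    return {"y": y, "t": t, "s": s, "context": context}

def verify(proof):
    """Accept iff g^s == t * y^c (mod p) with y, t in the order-q subgroup, y != 1."""
    y, t, s, context = proof["y"], proof["t"], proof["s"], proof["context"]
    if not (0 <= s < Q) or y == 1 or pow(y, Q, P) != 1 or pow(t, Q, P) != 1:
        return False
    c = challenge(P, Q, G, y, t, context)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def verify_forwarded(proofs):
    """A receiver re-checks every proof forwarded to it, so a participant that
    deviated from the protocol earlier in the session is caught downstream."""
    return all(verify(p) for p in proofs)

def tamper_response(proof):
    """Negative case: a proof whose response was altered after the fact."""
    bad = dict(proof)
    bad["s"] = (proof["s"] + 1) % Q
    return bad
```

The altered-response case is rejected deterministically because g has order q, so g^(s+1) can never equal g^s modulo p.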
