Design and Analysis of Distributed Protocols with AnBx

Designing distributed protocols is challenging, as it requires actions at very different levels: from the choice of network-level mechanisms to protect the exchange of sensitive data, to the definition of structured interaction patterns to convey application-specific guarantees. Current security infrastructures provide very limited support for the specification of such interactions. As a consequence, the high-level security properties of a protocol typically must be hard-coded explicitly, in terms of low-level cryptographic notions and devices which clutter the design and undermine its scalability and robustness. To counter these problems, we propose an extension of the Alice & Bob notation for protocol narrations (AnBx) to serve as a specification language for a purely declarative modelling of distributed protocols. AnBx is built around a set of communication and data abstractions which provide primitive support for the high-level security guarantees required in the design of distributed protocols, and help shield the specification from the details of the underlying cryptographic infrastructure. AnBx is implemented on top of the OFMC [7, 31] verification tool, by means of a translation to the AnB language supported by OFMC. As a result, AnBx serves not only for specification and design, but also as a powerful tool for the security analysis of distributed protocols. We demonstrate the practical effectiveness of our approach with the specification and analysis of two real-life e-payment protocols: iKP [12, 11] and SET [8, 9, 10]. As reported in the paper, the declarative nature of the AnBx abstractions pays off, and results in protocol specifications with stronger, and more scalable security guarantees than those offered by the original protocols.

[1]  Joshua D. Guttman,et al.  Security protocol design via authentication tests , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[2]  Shiyong Lu,et al.  Model checking the secure electronic transaction (SET) protocol , 1999, MASCOTS '99. Proceedings of the Seventh International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems.

[3]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[4]  Cédric Fournet,et al.  Secure Implementations for Typed Session Abstractions , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[5]  Michele Bugliesi,et al.  Language Based Secure Communication , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[6]  Michael Backes,et al.  Type-checking zero-knowledge , 2008, CCS.

[7]  Hugo Krawczyk,et al.  Design, implementation, and deployment of the iKP secure electronic payment system , 2000, IEEE Journal on Selected Areas in Communications.

[8]  Michele Bugliesi,et al.  AnBx - Security Protocols Design and Verification , 2010, ARSPA-WITS.

[9]  Martín Abadi,et al.  Secure network objects , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[10]  Joshua D. Guttman,et al.  Programming Cryptographic Protocols , 2005, TGC.

[11]  Sebastian Mödersheim,et al.  The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols , 2009, FOSAD.

[12]  Sebastian Mödersheim,et al.  Algebraic Properties in Alice and Bob Notation , 2009, 2009 International Conference on Availability, Reliability and Security.

[13]  Chris J. Mitchell,et al.  MEASURING 3-D SECURE AND 3 D SET AGAINST E-COMMERCE END-USER REQUIREMENTS , 2003 .

[14]  Mihir Bellare,et al.  iKP - A Family of Secure Electronic Payment Protocols , 1995, USENIX Workshop on Electronic Commerce.

[15]  Srecko Brlek,et al.  A flaw in the electronic commerce protocol SET , 2006, Inf. Process. Lett..

[16]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[17]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[18]  Fabio Massacci,et al.  Verifying the SET Purchase Protocols , 2005, Journal of Automated Reasoning.

[19]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[20]  Fabio Massacci,et al.  Verifying the SET registration protocols , 2003, IEEE J. Sel. Areas Commun..

[21]  Catherine A. Meadows,et al.  A Formal Specification of Requirements for Payment Transactions in the SET Protocol , 1998, Financial Cryptography.

[22]  Sebastian Mödersheim,et al.  OFMC: A Symbolic Model-Checker for Security Protocols , 2004 .

[23]  Kazuhiro Ogata,et al.  Formal Analysis of the iKP Electronic Payment Protocols , 2002, ISSS.

[24]  Martín Abadi,et al.  Private authentication , 2004, Theor. Comput. Sci..

[25]  Cédric Fournet,et al.  Cryptographic Protocol Synthesis and Verification for Multiparty Sessions , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[26]  Cédric Fournet,et al.  A secure compiler for session abstractions , 2008, J. Comput. Secur..

[27]  Els Van Herreweghen Non-repudiation in SET: Open Issues , 2000, Financial Cryptography.

[28]  Martín Abadi,et al.  Authentication primitives and their compilation , 2000, POPL '00.

[29]  Ueli Maurer,et al.  A Calculus for Secure Channel Establishment in Open Networks , 1994, ESORICS.

[30]  D. O'Mahony,et al.  Electronic payment systems for e-commerce , 2001 .

[31]  Fabio Massacci,et al.  An overview of the verification of SET , 2005, International Journal of Information Security.

[32]  Martín Abadi,et al.  Secure implementation of channel abstractions , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[33]  Cédric Fournet,et al.  Cryptographically Sound Implementations for Communicating Processes , 2006, ICALP.

[34]  Michele Bugliesi,et al.  Secure implementations of typed channel abstractions , 2007, POPL '07.