Cryptographically Sound and Machine-Assisted Verification of Security Protocols

We consider machine-aided verification of suitably constructed abstractions of security protocols, such that the verified properties are valid for the concrete implementation of the protocol with respect to cryptographic definitions. In order to link formal methods and cryptography, we show that integrity properties are preserved under step-wise refinement in asynchronous networks with respect to cryptographic definitions, so formal verifications of our abstractions carry over to the concrete counterparts. As an example, we use the theorem prover PVS to formally verify a system for ordered secure message transmission, which yields the first example ever of a formally verified but nevertheless cryptographically sound proof of a security protocol.We believe that a general methodology for verifying cryptographic protocols cryptographically sound can be derived by following the ideas of this example.

[1]  G. Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol using CSP and FDR , 1996 .

[2]  Birgit Pfitzmann,et al.  Cryptographic Security of Reactive Systems Extended Abstract , 2000 .

[3]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[4]  Nancy A. Lynch,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[5]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[6]  Joshua D. Guttman,et al.  The faithfulness of abstract protocol analysis: message authentication , 2001, CCS '01.

[7]  Birgit Pfitzmann,et al.  Composition and integrity preservation of secure reactive systems , 2000, CCS.

[8]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.

[9]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[10]  Birgit Pfitzmann,et al.  A model for asynchronous reactive systems and its application to secure message transmission , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[11]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[12]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[13]  Birgit Pfitzmann,et al.  Deriving Cryptographically Sound Implementations Using Composition and Formally Verified Bisimulation , 2002, FME.

[14]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[15]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[16]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[17]  John C. Mitchell,et al.  A probabilistic poly-time framework for protocol analysis , 1998, CCS '98.

[18]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[19]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[20]  A. W. Roscoe Modelling and verifying key-exchange protocols using CSP and FDR , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[21]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[22]  Steve A. Schneider Security properties and CSP , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[23]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2000, Journal of Cryptology.

[24]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[25]  Natarajan Shankar,et al.  PVS: A Prototype Verification System , 1992, CADE.