Epistemic Verification of Anonymity

Anonymity is not a trace-based property: whether an observer can tell who sent a message depends on which runs of the protocol the observer cannot distinguish from one another, not on anything visible in a single run. Traditional model checkers, which verify properties of individual traces, therefore cannot express or verify it directly. Epistemic logic (the logic of knowledge) models exactly this indistinguishability, and once a protocol is modelled in it, anonymity becomes an easily verifiable epistemic formula: the observer does not know who the sender is. We propose Dynamic Epistemic Logic (DEL) for modelling security protocols and their properties, anonymity properties in particular. We have built tool support for DEL verification that reuses state-of-the-art tools for automata-based verification. We illustrate the approach by analysing an anonymous broadcast protocol and an electronic voting protocol. By comparing these analyses with a process-based analysis of the same protocols, we also discuss the relative advantages and disadvantages of process-based and epistemic-based verification in general.
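As an added illustration (not the paper's tool or its model), the following Python checks sender anonymity for Chaum's dining cryptographers protocol, the classic anonymous broadcast protocol, as an epistemic formula over an indistinguishability model. The modelling choices are assumptions made here: three cryptographers plus an outside eavesdropper who hears only the broadcast; knowledge evaluated as truth in every state the agent cannot distinguish from the actual one; the round of announcements treated as a DEL public announcement that restricts the model; and a constructed coin-less variant of the protocol used to show the same formula failing.

```python
from itertools import product

AGENTS = (0, 1, 2)          # the three cryptographers
PAYERS = (None, 0, 1, 2)    # None: the organisation paid, not a cryptographer
OBSERVER = "outsider"       # an eavesdropper who hears only the broadcast

# A state fixes one complete run: who paid, and the coin bits (c0, c1, c2),
# where coin c[i] is tossed between cryptographer i and (i + 1) % 3.
def all_states():
    return [(payer, coins) for payer in PAYERS for coins in product((0, 1), repeat=3)]

def no_coin_states():
    # Constructed weakened protocol for comparison: the coins are never tossed,
    # so each announcement is just the speaker's own "I paid" bit.
    return [(payer, (0, 0, 0)) for payer in PAYERS]

def paid(s, i):
    return s[0] == i

def broadcast(s):
    """The public round: cryptographer i announces c[i] XOR c[i-1] XOR paid_i."""
    payer, c = s
    return tuple(c[i] ^ c[(i - 1) % 3] ^ int(payer == i) for i in AGENTS)

def private_view(s, agent):
    """Everything 'agent' saw before the broadcast. Two states are indistinguishable
    for the agent (the epistemic accessibility relation) iff these views coincide."""
    payer, c = s
    if agent == OBSERVER:
        return ()                                  # the outsider sees nothing private
    return (payer == agent, c[agent], c[(agent - 1) % 3])

def knows(model, agent, s, phi):
    """K_agent phi at s: phi holds in every state of the model the agent cannot tell from s."""
    return all(phi(t) for t in model if private_view(t, agent) == private_view(s, agent))

def announce(model, fact):
    """Public announcement, the basic DEL update: keep exactly the states where the fact holds."""
    return [t for t in model if fact(t)]

def after_broadcast(model, s):
    """The model every agent reasons in once the announcements made in s are public."""
    b = broadcast(s)
    return announce(model, lambda t: broadcast(t) == b)

def possible_payers(model, agent, s):
    """Who the agent still considers a possible payer after the broadcast made in s."""
    updated = after_broadcast(model, s)
    return {p for p in PAYERS if not knows(updated, agent, s, lambda t, p=p: t[0] != p)}

def sender_anonymous(model):
    """Anonymity as an epistemic formula: in every state where cryptographer p paid,
    every other agent a satisfies NOT K_a paid_p and cannot rule out any cryptographer
    other than itself as the payer. The check quantifies over the whole model, never
    over one run in isolation: this is the sense in which anonymity is not a trace property."""
    for s in model:
        p = s[0]
        if p is None:
            continue
        updated = after_broadcast(model, s)
        for agent in AGENTS + (OBSERVER,):
            if agent == p:
                continue
            if knows(updated, agent, s, lambda t: paid(t, p)):
                return False
            suspects = set(AGENTS) - {agent}
            if not suspects <= possible_payers(model, agent, s):
                return False
    return True

def outsider_learns_whether_someone_paid(model):
    """The intended disclosure: after the broadcast the outsider always knows whether
    one of the cryptographers (rather than the organisation) paid."""
    for s in model:
        updated = after_broadcast(model, s)
        someone = s[0] is not None
        if not knows(updated, OBSERVER, s, lambda t: (t[0] is not None) == someone):
            return False
    return True

if __name__ == "__main__":
    print("dining cryptographers, sender anonymous:", sender_anonymous(all_states()))        # True
    print("outsider learns whether a cryptographer paid:",
          outsider_learns_whether_someone_paid(all_states()))                                # True
    print("same protocol without coins, sender anonymous:", sender_anonymous(no_coin_states()))  # False
```

The coin-less variant makes the point of the abstract concrete: an individual run of either protocol is just three announced bits, and nothing in that trace says whether the sender is hidden. What differs is the set of other runs each agent cannot distinguish from it, which is exactly what the epistemic model records and the formula quantifies over.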
