A Type System for Privacy Properties

Mature push-button tools have emerged for checking trace properties (e.g. secrecy or authentication) of security protocols. The case of indistinguishability-based privacy properties (e.g. ballot privacy or anonymity) is more complex and constitutes an active research topic, with several recent proposals of techniques and tools. We explore a novel approach based on type systems and provide a (sound) type system for proving equivalence of protocols, for a bounded or an unbounded number of sessions. The resulting prototype implementation has been tested on various protocols from the literature. It provides a significant speed-up (by orders of magnitude) compared to tools for a bounded number of sessions, and it complements other state-of-the-art tools, such as ProVerif and Tamarin, in terms of expressiveness: e.g., we show that our analysis technique is the first one to handle a faithful encoding of the Helios e-voting protocol in the context of an untrusted ballot box.
