Analyzing Security Protocols Using Time-Bounded Task-PIOAs

This paper presents the time-bounded task-PIOA modeling framework, an extension of the probabilistic input/output automata (PIOA) framework that can be used for modeling and verifying security protocols. Time-bounded task-PIOAs can describe probabilistic and nondeterministic behavior, as well as time-bounded computation. Together, these features support modeling of important aspects of security protocols, including secrecy requirements and limitations on the computational power of adversarial parties. They also support security protocol verification using methods that are compatible with less formal approaches used in the computational cryptography research community. We illustrate the use of our framework by outlining a proof of functional correctness and security properties for a well-known oblivious transfer protocol.
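To make the two features named above concrete, here is a toy task-PIOA interpreter. It is an added example, not the paper's definitions or code, and it simplifies the framework: actions are grouped into tasks, at most one action of a task is enabled in any state (action determinism), transitions are probabilistic, a task schedule resolves the nondeterminism, and the time bound is approximated by a budget on the number of scheduled tasks. The sender and eavesdropper automata, the action names, and the schedules are constructed for illustration; the point they show is that the probability an adversary learns the sender's bit depends on where its tasks sit in the schedule relative to the protocol's own tasks, which is why scheduling has to be part of the model.

```python
from dataclasses import dataclass
from fractions import Fraction

ONE, HALF = Fraction(1), Fraction(1, 2)


@dataclass
class TaskPIOA:
    """One automaton: actions are grouped into tasks; transitions are probabilistic.
    (Toy version of a task-PIOA; assumed simplification, not the paper's definition.)"""
    name: str
    start: object
    inputs: frozenset   # actions controlled by other automata (enabled in every state)
    tasks: dict         # task name -> frozenset of locally controlled actions
    trans: dict         # (state, action) -> [(probability, next_state), ...]

    def enabled(self, state, task):
        """Action determinism: at most one action of a task is enabled in a state,
        so scheduling a task fixes which action fires; only the coins stay random."""
        acts = [a for a in self.tasks[task] if (state, a) in self.trans]
        if len(acts) > 1:
            raise ValueError(f"{self.name}: task {task!r} not action-deterministic in {state!r}")
        return acts[0] if acts else None


def step(autos, dist, owner, task):
    """Apply one task of component `owner` to an exact distribution over composite states.
    The owner's enabled action fires; every automaton that has it as an input moves too."""
    out = {}
    for states, p in dist.items():
        act = autos[owner].enabled(states[owner], task)
        if act is None:                       # task not enabled here: the step is a no-op
            out[states] = out.get(states, 0) + p
            continue
        branches = [((), ONE)]
        for i, auto in enumerate(autos):
            if i == owner or act in auto.inputs:
                choices = auto.trans[(states[i], act)]
            else:                             # action invisible to this automaton
                choices = [(ONE, states[i])]
            branches = [(prefix + (s,), q * r) for prefix, q in branches for r, s in choices]
        for new_states, q in branches:
            out[new_states] = out.get(new_states, 0) + p * q
    return out


def run(autos, schedule, budget):
    """Resolve nondeterminism with a task schedule, truncated to `budget` tasks.
    The budget stands in for the time bound: a party that runs out of steps stops."""
    dist = {tuple(a.start for a in autos): ONE}
    for owner, task in schedule[:budget]:
        dist = step(autos, dist, owner, task)
    return dist


# Constructed sender: tosses a fair coin, then announces the bit on an insecure channel.
sender = TaskPIOA(
    name="sender", start="init", inputs=frozenset(),
    tasks={"toss": frozenset({"toss"}), "send": frozenset({"send0", "send1"})},
    trans={("init", "toss"): [(HALF, ("chose", 0)), (HALF, ("chose", 1))],
           (("chose", 0), "send0"): [(ONE, ("sent", 0))],
           (("chose", 1), "send1"): [(ONE, ("sent", 1))]},
)


def eavesdropper_trans():
    """Constructed adversary with state (heard, coin, guess). It listens in every state
    (input-enabled) and commits to what it overheard, else to its own coin."""
    t, vals = {}, (None, 0, 1)
    for heard in vals:
        for coin in vals:
            for guess in vals:
                s = (heard, coin, guess)
                for b in (0, 1):
                    t[(s, f"send{b}")] = [(ONE, (b, coin, guess))]
                if coin is None:
                    t[(s, "flip")] = [(HALF, (heard, 0, guess)), (HALF, (heard, 1, guess))]
                if guess is None and (heard is not None or coin is not None):
                    g = heard if heard is not None else coin
                    t[(s, f"guess{g}")] = [(ONE, (heard, coin, g))]
    return t


eve = TaskPIOA(name="eve", start=(None, None, None), inputs=frozenset({"send0", "send1"}),
               tasks={"flip": frozenset({"flip"}), "guess": frozenset({"guess0", "guess1"})},
               trans=eavesdropper_trans())

# Schedules: (component index, task). Only the position of eve's tasks differs.
HONEST = [(0, "toss"), (0, "send"), (1, "guess")]               # eve guesses after seeing the bit
EARLY = [(0, "toss"), (1, "flip"), (1, "guess"), (0, "send")]   # eve must commit before the send


def guess_correct_prob(schedule, budget=10):
    """Exact probability that eve's committed guess equals the sender's bit."""
    dist = run((sender, eve), schedule, budget)
    return sum(p for (s, e), p in dist.items() if s != "init" and e[2] == s[1])


if __name__ == "__main__":
    print("eve guesses after the send:", guess_correct_prob(HONEST))
    print("eve commits before the send:", guess_correct_prob(EARLY))
    print("budget of two tasks, guess never runs:", guess_correct_prob(HONEST, budget=2))
```

Under the first schedule the adversary's guess task runs after the sender's output, so it is correct with probability 1; under the second it must commit before the output and is correct with probability exactly 1/2; with a budget of two tasks the guess never fires at all. The distributions are computed exactly with `Fraction` rather than sampled, which is what makes such claims checkable.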
