Logical relation for encryption

The theory of relational parametricity and its logical relations proof technique are powerful tools for reasoning about information hiding in the polymorphic λ-calculus. We investigate the application of these tools in the security domain by defining a cryptographic λ-calculus - an extension of the standard simply typed λ-calculus with primitives for encryption, decryption, and key generation - and introducing syntactic logical relations (in the style of Pitts and of Birkedal and Harper) for this calculus that can be used to prove behavioral equivalences between programs that use encryption. We illustrate the framework by encoding some simple security protocols, including the Needham-Schroeder public-key protocol. We give a natural account of the well-known attack on the original protocol and a straightforward proof that the improved variant of the protocol is secure.
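The attack and the fix that the abstract refers to are Lowe's man-in-the-middle attack on the three-message Needham-Schroeder public-key protocol and Lowe's repair (adding the responder's identity to the second message). The following Python script is an added example, not the paper's λ-calculus encoding: it replays both the attack and the repaired run in a symbolic, Dolev-Yao style model in which a ciphertext is a black box that only its addressed principal can open, and the attacker I is an ordinary participant with its own key pair (no key is compromised). The principal names A, B, I and the nonce names Na, Nb are the usual ones from the protocol literature and are chosen here for illustration.

```python
"""Symbolic replay of Lowe's attack on Needham-Schroeder public-key (NSPK),
and of Lowe's fix.  Added example; not code from the paper it accompanies.

Protocol (original):            Lowe's fix changes message 2 only:
  1. A -> B : {Na, A}_pkB         2. B -> A : {Na, Nb, B}_pkA
  2. B -> A : {Na, Nb}_pkA
  3. A -> B : {Nb}_pkB
Encryption is modelled perfectly: Enc(to, body) can be opened only by `to`.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

Term = Tuple[str, ...]


@dataclass(frozen=True)
class Enc:
    """Ciphertext {body}_pk(to): only principal `to` holds the matching private key."""
    to: str
    body: Term


def decrypt(who: str, c: Enc) -> Optional[Term]:
    """Perfect public-key decryption: the payload is visible only to the addressee."""
    return c.body if c.to == who else None


@dataclass
class Initiator:
    me: str
    peer: str          # who the initiator believes it is talking to
    nonce: str         # Na
    fixed: bool        # expect Lowe's 3-component message 2?

    def msg1(self) -> Enc:
        return Enc(self.peer, (self.nonce, self.me))

    def msg3(self, m2: Enc) -> Optional[Enc]:
        """Check message 2; return message 3, or None to abort the run."""
        body = decrypt(self.me, m2)
        if body is None or body[0] != self.nonce:
            return None
        if self.fixed:
            # Lowe's check: the responder named inside message 2 must be the
            # principal this session was started with.
            if len(body) != 3 or body[2] != self.peer:
                return None
        elif len(body) != 2:
            return None
        return Enc(self.peer, (body[1],))   # {Nb}_pk(peer)


@dataclass
class Responder:
    me: str
    nonce: str                       # Nb
    fixed: bool
    peer: Optional[str] = field(default=None)
    accepted: bool = field(default=False)

    def msg2(self, m1: Enc) -> Optional[Enc]:
        body = decrypt(self.me, m1)
        if body is None or len(body) != 2:
            return None
        na, self.peer = body          # the responder trusts the name in message 1
        reply = (na, self.nonce, self.me) if self.fixed else (na, self.nonce)
        return Enc(self.peer, reply)

    def finish(self, m3: Enc) -> bool:
        self.accepted = decrypt(self.me, m3) == (self.nonce,)
        return self.accepted


def honest_run(fixed: bool) -> bool:
    """A talks to B directly; both variants must complete."""
    a, b = Initiator("A", "B", "Na", fixed), Responder("B", "Nb", fixed)
    m3 = a.msg3(b.msg2(a.msg1()))
    return m3 is not None and b.finish(m3)


def lowe_attack(fixed: bool) -> dict:
    """A starts a session with the attacker I; I replays it towards B as 'A'."""
    a, b = Initiator("A", "I", "Na", fixed), Responder("B", "Nb", fixed)
    i_knows = set()
    m1 = a.msg1()                              # 1.  A -> I : {Na, A}_pkI
    na, a_id = decrypt("I", m1)                # I is the addressee, so it opens it
    i_knows.update({na, a_id})
    m2 = b.msg2(Enc("B", (na, a_id)))          # 1'. I(A) -> B : {Na, A}_pkB
    assert decrypt("I", m2) is None            # 2'. B -> I(A): {..}_pkA, opaque to I
    m3 = a.msg3(m2)                            # 2.  I -> A : forwarded unchanged
    if m3 is None:                             # A refuses: B named, I expected
        return {"B_accepts_A": False, "I_learns_Nb": False, "A_aborted": True}
    nb = decrypt("I", m3)                      # 3.  A -> I : {Nb}_pkI
    i_knows.update(nb)
    b_ok = b.finish(Enc("B", nb))              # 3'. I(A) -> B : {Nb}_pkB
    return {"B_accepts_A": b_ok and b.peer == "A",
            "I_learns_Nb": "Nb" in i_knows,
            "A_aborted": False}


if __name__ == "__main__":
    print("original:", lowe_attack(fixed=False))
    print("fixed:   ", lowe_attack(fixed=True))
```

In the original protocol the run ends with B convinced it authenticated A while the attacker holds Nb; with the fix, the forwarded message 2 names B as responder, A aborts because it opened the session with I, and B never receives message 3. This is the distinction the paper's logical relation is built to prove: in the repaired protocol the nonce Nb stays related across all attacker contexts, whereas in the original it does not.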

[1]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[2]  David N. Turner,et al.  The polymorphic Pi-calculus : theory and implementation , 1996 .

[3]  John C. Mitchell,et al.  Foundations for programming languages , 1996, Foundation of computing series.

[4]  Catherine A. Meadows,et al.  Formal Verification of Cryptographic Protocols: A Survey , 1994, ASIACRYPT.

[5]  Philip Wadler,et al.  Theorems for free! , 1989, FPCA.

[6]  Martín Abadi,et al.  A Bisimulation Method for Cryptographic Protocols , 1998, Nord. J. Comput..

[7]  Jon G. Riecke,et al.  The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.

[8]  Claudio V. Russo,et al.  Operational Properties of Lily, a Polymorphic Linear Lambda Calculus with Recursion , 2001, HOOTS.

[9]  François Pottier,et al.  Information flow inference for ML , 2002, POPL '02.

[10]  Nobuko Yoshida,et al.  A uniform type structure for secure information flow , 2002, POPL '02.

[11]  John C. Reynolds,et al.  Types, Abstraction and Parametric Polymorphism , 1983, IFIP Congress.

[12]  Gavin Lowe,et al.  How to prevent type flaw attacks on security protocols , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[13]  Lars Birkedal,et al.  Relational Interpretations of Recursive Types in an Operational Setting , 1999, Inf. Comput..

[14]  Andrew M. Pitts,et al.  Process Calculus Based Upon Evaluation to Committed Form , 1996, Theor. Comput. Sci..

[15]  Rocco De Nicola,et al.  Proof techniques for cryptographic processes , 1999, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158).

[16]  Benjamin C. Pierce,et al.  Relating Cryptography and Polymorphism , 2000 .

[17]  Ian David Bede Stark,et al.  Names and higher-order functions , 1994 .

[18]  Andrew M. Pitts  Parametric polymorphism and operational equivalence , 2000, Mathematical Structures in Computer Science.

[19]  Geoffrey Smith,et al.  Secure information flow in a multi-threaded imperative language , 1998, POPL '98.

[20]  James H. Morris Protection in programming languages , 1973, CACM.

[21]  Andrew M. Pitts Existential Types: Logical Relations and Operational Equivalence , 1998, ICALP.

[22]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[23]  François Pottier  A simple view of type-secure information flow in the π-calculus , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[24]  Roberto Gorrieri,et al.  CVS: a compiler for the analysis of cryptographic protocols , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[25]  Andrew D. Gordon,et al.  Authenticity by typing for security protocols , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[26]  Roberto Gorrieri,et al.  A compiler for analyzing cryptographic protocols using noninterference , 2000, TSEM.

[27]  Dennis M. Volpano Formalization and proof of secrecy properties , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[28]  Martín Abadi,et al.  Secrecy by typing in security protocols , 1999, JACM.

[29]  James Riely,et al.  Information flow vs. resource access in the asynchronous pi-calculus , 2000, TOPL.

[30]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[31]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[32]  Benjamin C. Pierce,et al.  Typing and subtyping for mobile processes , 1993, Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science.

[33]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.