Using Task-Structured Probabilistic I/O Automata to Analyze an Oblivious Transfer Protocol

The Probabilistic I/O Automata (PIOA) framework of Lynch, Segala and Vaandrager provides tools for precisely specifying protocols and for reasoning about their correctness at multiple levels of abstraction, linked by implementation relationships between those levels. We extend this framework, yielding task-structured PIOAs, so that it can be used to analyze protocols that rely on cryptographic primitives. Doing so requires resolving and reconciling several issues: nondeterministic behavior and scheduling, randomness, resource-bounded computation, and computational hardness assumptions. The resulting framework supports a more rigorous and systematic analysis of cryptographic protocols. To demonstrate its use, we present an analysis we have carried out for an Oblivious Transfer protocol.
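The abstract names the protocol family but does not spell out the protocol itself. As an added illustration (not code from the paper or its authors), the following Python simulates the classic 1-out-of-2 oblivious transfer built from a trapdoor permutation and a hard-core predicate, which is the kind of protocol a framework like this one would model as interacting automata. Everything here is an assumption made for the example: a toy RSA permutation over small primes (constructed and insecure) stands in for the trapdoor permutation, the least-significant bit stands in for the hard-core predicate, both parties are honest-but-curious, and all function and variable names are mine.

```python
import random

# Constructed toy RSA trapdoor permutation (assumption: small primes, NOT secure,
# chosen only so the arithmetic is easy to follow). f(x) = x^E mod N is a
# permutation of Z_N; the trapdoor D lets the sender invert it.
P, Q = 1009, 1013
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)


def f(x: int) -> int:
    """Public one-way direction of the trapdoor permutation."""
    return pow(x, E, N)


def f_inv(y: int) -> int:
    """Trapdoor direction; only the sender holds D."""
    return pow(y, D, N)


def hardcore(x: int) -> int:
    """Hard-core predicate (assumption: LSB of the RSA preimage)."""
    return x & 1


def receiver_choose(sigma: int, rng: random.Random):
    """Receiver with choice bit sigma in {0,1}.

    Picks a preimage x for the slot it wants, so y[sigma] = f(x), and a random
    element for the other slot whose preimage it does NOT know. Both y values
    are uniform in Z_N, so the sender's view is the same for sigma = 0 and 1.
    """
    x = rng.randrange(1, N)
    y = [0, 0]
    y[sigma] = f(x)
    y[1 - sigma] = rng.randrange(1, N)
    return x, y


def sender_respond(bits, y):
    """Sender with input bits (b0, b1) inverts both y values with the trapdoor
    and masks each bit with the hard-core bit of the corresponding preimage."""
    return [b ^ hardcore(f_inv(yi)) for b, yi in zip(bits, y)]


def receiver_recover(sigma: int, x: int, c) -> int:
    """Receiver unmasks only the slot whose preimage it chose. Unmasking the
    other slot would require inverting f on a random element, i.e. breaking
    the one-wayness assumption."""
    return c[sigma] ^ hardcore(x)


def run_ot(bits, sigma: int, seed: int = 0) -> int:
    """Full two-message exchange; returns the bit the receiver learns."""
    rng = random.Random(seed)          # deterministic randomness for the example
    x, y = receiver_choose(sigma, rng)  # message 1: receiver -> sender
    c = sender_respond(bits, y)         # message 2: sender -> receiver
    return receiver_recover(sigma, x, c)


if __name__ == "__main__":
    for b0 in (0, 1):
        for b1 in (0, 1):
            for s in (0, 1):
                got = run_ot([b0, b1], s, seed=7)
                print(f"bits=({b0},{b1}) sigma={s} -> receiver learns {got}")
```

Running this only checks correctness (the receiver gets exactly the chosen bit). The security claims are the interesting part and are not checked by execution: sender privacy rests on the receiver being unable to invert f on the random slot, and receiver privacy on both y values being identically distributed, which is exactly the kind of computational, scheduling-sensitive argument the abstract says the enhanced framework makes precise through implementation relations between abstraction levels.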