A General Formal Framework of Analyzing Selective Disclosure Attribute-Based Credential Systems

A selective disclosure attribute-based credential system (SDABCS) can provide a communication mechanism to protect both security and privacy in electronic communication, by issuing a kind of credential with attributes, which the user can disclose parts of attributes. We present a general framework for formally verification of SDABCS with applied Pi calculus, and provide three definitions of relevant security properties. The framework can implement secure communication among the user, service provider and trusted authority. Two important functions are implemented: the first allows the user to receive a credential encoded a list of attributes from a trusted authority; the second allows the user to convince a service provider with the credential. Particularly, the user can selectively reveal parts of the attributes according to the needs of service provider, while not revealing the rest of the attributes. In our experiments, we apply the framework to a concrete security protocol and successfully prove three security properties in the protocol using ProVerif.

[1]  Avik Chaudhuri,et al.  Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[2]  Hoeteck Wee,et al.  Communication Complexity of Conditional Disclosure of Secrets and Attribute-Based Encryption , 2015, CRYPTO.

[3]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[4]  Jean Goubault-Larrecq,et al.  A Probabilistic Applied Pi-Calculus , 2007, APLAS.

[5]  Devesh C. Jinwala,et al.  Automated Analysis of Internet Key Exchange Protocol v2 for Denial of Service Attacks , 2015, Int. J. Netw. Secur..

[6]  Jaap-Henk Hoepman,et al.  Fast revocation of attribute-based credentials for both users and verifiers , 2015, Comput. Secur..

[7]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[8]  Liqun Chen,et al.  DAA-A: Direct Anonymous Attestation with Attributes , 2015, TRUST.

[9]  Dengguo Feng,et al.  Formal Analysis of Enhanced Authorization in the TPM 2.0 , 2015, AsiaCCS.

[10]  Michael Backes,et al.  Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[11]  Jiangtao Li,et al.  Flexible and scalable digital signatures in TPM 2.0 , 2013, CCS.

[12]  Wojciech Mostowski,et al.  Efficient U-Prove Implementation for Anonymous Credentials on Smart Cards , 2011, SecureComm.

[13]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[14]  Ruhul Amin,et al.  Cryptanalysis and Efficient Dynamic ID Based Remote User Authentication Scheme in Multi-server Environment Using Smart Card , 2016, Int. J. Netw. Secur..

[15]  Mark Ryan,et al.  Automatic Verification of Privacy Properties in the Applied pi Calculus , 2008, IFIPTM.

[16]  Christian Paquin,et al.  U-Prove Designated-Verifier Accumulator Revocation Extension , 2013 .

[17]  Gergely Alpár,et al.  Efficient Selective Disclosure on Smart Cards Using Idemix , 2013, IDMAN.

[18]  Tatsuaki Okamoto,et al.  Efficient Attribute-Based Signatures for Non-Monotone Predicates in the Standard Model , 2014, IEEE Transactions on Cloud Computing.

[19]  Yu Zhang,et al.  Verifying Anonymous Credential Systems in Applied Pi Calculus , 2009, CANS.

[20]  Nobuko Yoshida,et al.  Reversible session-based pi-calculus , 2015, J. Log. Algebraic Methods Program..

[21]  Benjamin Grégoire,et al.  Formal certification of code-based cryptographic proofs , 2009, POPL '09.

[22]  Martín Abadi,et al.  Just Fast Keying in the Pi Calculus , 2004, ESOP.