
Typing Messages for Free in Security Protocols

Published: 12 September 2019

Abstract

Security properties of cryptographic protocols are typically expressed as reachability or equivalence properties. Secrecy and authentication are examples of reachability properties, while privacy properties such as untraceability, vote secrecy, or anonymity are generally expressed as behavioral equivalence in a process algebra that models security protocols.

Our main contribution is to reduce the search space for attacks for reachability as well as equivalence properties. Specifically, we show that if there is an attack then there is one that is well-typed. Our result holds for a large class of typing systems, a family of equational theories that encompasses all standard primitives, and protocols without else branches. For many standard protocols, we deduce that it is sufficient to look for attacks that follow the format of the messages expected in an honest execution, therefore considerably reducing the search space.

    • Published in

      ACM Transactions on Computational Logic, Volume 21, Issue 1
      January 2020
      271 pages
      ISSN: 1529-3785
      EISSN: 1557-945X
      DOI: 10.1145/3361969
      Editor: Orna Kupferman

      Copyright © 2019 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 12 September 2019
      • Accepted: 1 July 2019
      • Revised: 1 April 2019
      • Received: 1 March 2018

      Qualifiers

      • research-article
      • Research
      • Refereed
