
Typing Messages for Free in Security Protocols

Published: 12 September 2019

Abstract

Security properties of cryptographic protocols are typically expressed as reachability or equivalence properties. Secrecy and authentication are examples of reachability properties, while privacy properties such as untraceability, vote secrecy, or anonymity are generally expressed as behavioral equivalence in a process algebra that models security protocols.
Our main contribution is to reduce the search space for attacks for reachability as well as equivalence properties. Specifically, we show that if there is an attack then there is one that is well-typed. Our result holds for a large class of typing systems, a family of equational theories that encompasses all standard primitives, and protocols without else branches. For many standard protocols, we deduce that it is sufficient to look for attacks that follow the format of the messages expected in an honest execution, therefore considerably reducing the search space.
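The abstract's practical claim is that an attack search may restrict the attacker to messages that follow the format of the honest messages. The block below is an added illustration of that restriction on a constructed toy protocol; it is not the paper's formalism or tooling. It assumes a tiny Dolev-Yao term model (atoms `a`, `b`, `i`, `ni`, `s`, a private key function `k`, pairing `pair` and symmetric encryption `senc`) and one constructed, deliberately flawed responder rule: B answers `senc(<X, Y>, k(Y, b))` with `senc(<X, s>, k(Y, b))`, so any agent holding a key with B learns `s`. The same depth-bounded search runs twice: once letting the attacker build arbitrary terms, once allowing only terms whose type occurs in the protocol and instantiating pattern variables only with terms of their declared type (the "well-typed" restriction). The depth and round bounds are illustration choices, not part of the paper's result.

```python
"""Toy Dolev-Yao attack search: untyped versus well-typed attacker messages.
Constructed illustration, not the paper's formalism or the authors' code."""
from itertools import product

# Constructed atoms with their base types (assumed for this example).
ATOMS = {"a": "agent", "b": "agent", "i": "agent", "ni": "nonce", "s": "nonce"}


def var(name, ty):
    """Pattern variable carrying its declared type."""
    return ("var", name, ty)


def type_of(t):
    """Structural type: atoms via ATOMS, variables via their declaration,
    f(t1..tn) has type (f, type(t1), ..., type(tn))."""
    if isinstance(t, str):
        return ATOMS[t]
    if t[0] == "var":
        return t[2]
    return (t[0],) + tuple(type_of(x) for x in t[1:])


def match(pattern, term, subst, typed):
    """Match a closed term against a pattern. In typed mode a variable only
    matches a term of its declared type: this is the well-typed restriction."""
    if isinstance(pattern, tuple) and pattern[0] == "var":
        if typed and type_of(term) != pattern[2]:
            return None
        bound = subst.get(pattern[1])
        if bound is None:
            return {**subst, pattern[1]: term}
        return subst if bound == term else None
    if isinstance(pattern, str) or isinstance(term, str):
        return subst if pattern == term else None
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        subst = match(p, t, subst, typed)
        if subst is None:
            return None
    return subst


def apply(t, subst):
    if isinstance(t, str):
        return t
    if t[0] == "var":
        return subst[t[1]]
    return (t[0],) + tuple(apply(x, subst) for x in t[1:])


def depth(t):
    return 0 if isinstance(t, str) else 1 + max(depth(x) for x in t[1:])


# Constructed flawed responder B: one rule (input pattern -> output).
X, Y = var("X", "nonce"), var("Y", "agent")
RULES = [(("senc", ("pair", X, Y), ("k", Y, "b")),
          ("senc", ("pair", X, "s"), ("k", Y, "b")))]
# The intruder i is a legitimate peer of B and owns the shared key k(i, b).
INTRUDER_KNOWS = {"a", "b", "i", "ni", ("k", "i", "b")}


def subterm_types(t):
    yield type_of(t)
    if not isinstance(t, str) and t[0] != "var":
        for x in t[1:]:
            yield from subterm_types(x)


# Types of the messages (and their subterms) expected in an honest execution.
WELL_TYPED = {ty for lhs, rhs in RULES for t in (lhs, rhs) for ty in subterm_types(t)}


def analyse(K):
    """Attacker decomposition: split pairs, decrypt with known keys."""
    changed = True
    while changed:
        changed = False
        for t in list(K):
            if isinstance(t, str) or t[0] not in ("pair", "senc"):
                continue
            if t[0] == "senc" and t[2] not in K:
                continue
            new = set(t[1:]) if t[0] == "pair" else {t[1]}
            if not new <= K:
                K |= new
                changed = True
    return K


def synthesise(K, typed, max_depth):
    """Attacker construction of pairs and encryptions up to max_depth;
    typed mode keeps only terms shaped like the protocol's own messages."""
    out = set()
    for f in ("pair", "senc"):
        for x, y in product(K, K):
            t = (f, x, y)
            if depth(t) <= max_depth and (not typed or type_of(t) in WELL_TYPED):
                out.add(t)
    return out


def search(typed, max_depth=2, rounds=3):
    """Bounded search; returns (secret s derived?, number of terms explored)."""
    K = set(INTRUDER_KNOWS)
    for _ in range(rounds):
        K = analyse(K)
        K |= synthesise(K, typed, max_depth)
        for lhs, rhs in RULES:           # let B respond to every acceptable input
            for t in list(K):
                sigma = match(lhs, t, {}, typed)
                if sigma is not None:
                    K.add(apply(rhs, sigma))
        K = analyse(K)
        if "s" in K:
            return True, len(K)
    return False, len(K)


if __name__ == "__main__":
    for typed in (False, True):
        found, n = search(typed)
        print(f"typed={typed}: attack found={found}, terms explored={n}")
```

Both runs find the secrecy attack (i sends `senc(<ni, i>, k(i, b))` and decrypts B's reply), but the untyped run explores thousands of attacker terms and also reports ill-typed variants such as `X = a`, whereas the well-typed run explores only a handful of terms shaped like the protocol messages. That is the search-space reduction the abstract describes; the paper's contribution is proving, for its class of protocols and typing systems, that restricting to the second search loses no attacks, which this toy does not establish.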


Published In

ACM Transactions on Computational Logic, Volume 21, Issue 1 (January 2020), 271 pages
ISSN: 1529-3785, EISSN: 1557-945X
DOI: 10.1145/3361969
Editor: Orna Kupferman

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Received: 01 March 2018
Revised: 01 April 2019
Accepted: 01 July 2019
Published in TOCL Volume 21, Issue 1


Author Tags

Security protocols, symbolic model, trace equivalence, verification

Qualifiers

Research-article, refereed

Funding Sources

DGA; European Research Council (ERC); European Union's Horizon 2020 research and innovation program; ANR project TECAP
