research-article

A Computationally Complete Symbolic Attacker for Equivalence Properties

Authors:
Gergei Bana

INRIA Paris-Rocquencourt, Paris, France

INRIA Paris-Rocquencourt, Paris, France
View Profile

,
Hubert Comon-Lundh

LSV, ENS Cachan, Cachan, France

LSV, ENS Cachan, Cachan, France
View Profile

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2014Pages 609–620https://doi.org/10.1145/2660267.2660276

Published:03 November 2014Publication History

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 609–620

ABSTRACT

We consider the problem of computational indistinguishability of protocols. We design a symbolic model, amenable to automated deduction, such that a successful inconsistency proof implies computational indistinguishability. Conversely, symbolic models of distinguishability provide clues for likely computational attacks. We follow the idea we introduced earlier for reachability properties, axiomatizing what an attacker cannot violate. This results a computationally complete symbolic attacker, and ensures unconditional computational soundness for the symbolic analysis. We present a small library of computationally sound, modular axioms, and test our technique on an example protocol. Despite additional difficulties stemming from the equivalence properties, the models and the soundness proofs turn out to be simpler than they were for reachability properties.

References

M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In POPL'01, pages 104--115. ACM, 2001. Google ScholarDigital Library
M. Abadi and P. Rogaway. Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology, 15(2):103--127, 2002.Google ScholarDigital Library
Martın Abadi and Cédric Fournet. Private authentication. Theor. Comput. Sci., 322(3):427--476, September 2004. Google ScholarDigital Library
M. Backes, B. Pfitzmann, and M. Waidner. A composable cryptographic library with nested operations. In CCS'03, pages 220--230. ACM, 2003. Google ScholarDigital Library
G. Bana, P. Adao, and H. Sakurada. Computationally Comlete Symbolic Attacker in Action. In FSTTCS'12, LIPIcs, pages 546--560. Schloss Dagstuhl, 2012.Google Scholar
G. Bana and H. Comon-Lundh. Towards unconditional soundness: Computationally complete symbolic attacker. In POST'12, LNCS, pages 189--208. Springer, 2012. Google ScholarDigital Library
G. Bana, K. Hasebe, and M. Okada. Computationally complete symbolic attacker and key exchange. In CCS '13, pages 1231--1246. ACM, 2013. Google ScholarDigital Library
G. Bana, P. Mohassel, and T. Stegers. Computational soundness of formal indistinguishability and static equivalence. In ASIAN'06, volume 4435 of LNCS, pages 182--196. Springer, 2007. Google ScholarDigital Library
G. Barthe, M. Daubignard, B. M. Kapron, and Y. Lakhnech. Computational indistinguishability logic. In CCS'10, pages 375--386. ACM, 2010. Google ScholarDigital Library
G. Barthe, B. Grégoire, S. Heraud, and S. Zanella-Béguelin. Computer-aided security proofs for the working cryptographer. In CRYPTO 2011, volume 6841 of LNCS, pages 71--90. Springer, 2011. Google ScholarDigital Library
M. Bellare, A. Boldyreva, A. Desai, and D. Pointcheval. Key-privacy in public-key encryption. In ASIACRYPT 2001, volume 2248 of LNCS, pages 566--582. Springer, 2001. Google ScholarDigital Library
M. Bellare, A. Desai, D. Pointcheval, and Ph. Rogaway. Relations among notions of security for public-key encryption schemes. In CRYPTO'98, LNCS. Springer, 1998. Google ScholarDigital Library
B. Blanchet. An automatic security protocol verifier based on resolution theorem proving (invited tutorial). In CADE'05, Tallinn, Estonia, July 2005.Google Scholar
B. Blanchet. A computationally sound mechanized prover for security protocols. IEEE Transactions on Dependable and Secure Computing, 5(4):193--207, 2008. Google ScholarDigital Library
B. Blanchet, M. Abadi, and C. Fournet. Automated verification of selected equivalences for security protocols. J. of Logic and Algebraic Programming, 75(1):3--51, 2008.Google ScholarCross Ref
V. Cheval and B. Blanchet. Proving more observational equivalences with proverif. In POST'13, Lecture Notes in Computer Science, pages 226--246. Springer, 2013. Google ScholarDigital Library
Vincent Cheval, Hubert Comon-Lundh, and Stéphanie Delaune. Trace equivalence decision: Negative tests and non-determinism. In CCS'11, pages 321--330. ACM, 2011. Google ScholarDigital Library
H. Comon-Lundh and V. Cortier. Computational soundness of observational equivalence. In CCS'08, pages 109--118. ACM, 2008. Google ScholarDigital Library
H. Comon-Lundh, V. Cortier, and G. Scerri. Security proof with dishonest keys. In POST'12, LNCS, pages 149--168. Springer, 2012. Google ScholarDigital Library
H. Comon-Lundh, V. Cortier, and G. Scerri. Tractable inference systems: an extension with a deducibility predicate. In CADE'13, LNAI. Springer, 2013. Google ScholarDigital Library
Hubert Comon-Lundh, Masami Hagiya, Yusuke Kawamoto, and Hideki Sakurada. Computational soundness of indistinguishability properties without computable parsing. In ISPEC'12, pages 63--79. Springer, 2012. Google ScholarDigital Library
C. Cremers. The scyther tool: Verification, falsification, and analysis of security protocols. In CAV'08, volume 5123 of LNCS, pages 414--418. Springer, 2008. Google ScholarDigital Library
C. Ene, Y. Lakhnech, and V. C. Ng. Formal indistinguishability extended to the random oracle model. In ESORICS'09, volume 5789 of LNCS, pages 555--570. Springer, 2009. Google ScholarDigital Library
A. Armando et al. The AVISPA Tool for the automated validation of internet security protocols and applications. In CAV'05, volume 3576 of LNCS, pages 281--285, 2005. Google ScholarDigital Library
Bogdan Warinschi. A computational analysis of the needham-schroeder protocol. In 16th Computer security foundation workshop (CSFW), pages 248--262. IEEE, 2003.Google Scholar

Index Terms

A Computationally Complete Symbolic Attacker for Equivalence Properties
1. Networks
  1. Network protocols
    1. Protocol correctness
      1. Protocol testing and verification

Recommendations

Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability

In recent years, a new approach has been developed for verifying security protocols with the aim of combining the benefits of symbolic attackers and the benefits of unconditional soundness: the technique of the computationally complete symbolic attacker ...
Read More
Computationally complete symbolic attacker and key exchange
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Recently, Bana and Comon-Lundh introduced the notion of computationally complete symbolic attacker to deliver unconditional computational soundness to symbolic protocol verification. First we explain the relationship between their technique and Fitting'...
Read More
Towards computationally sound symbolic analysis of key exchange protocols
FMSE '05: Proceedings of the 2005 ACM workshop on Formal methods in security engineering

We present a cryptographically sound formal method for proving correctness of key exchange protocols. Our main tool is a fragment of a symbolic protocol logic. We demonstrate that proofs of key agreement and key secrecy in this logic imply ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 November 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
computational soundness
protocol indistinguishability
security protocols
symbolic verification
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '14 Paper Acceptance Rate114of585submissions,19%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 19
  Total Citations
  View Citations
- 455
  Total Downloads
- Downloads (Last 12 months)44
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A Computationally Complete Symbolic Attacker for Equivalence Properties

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability

Computationally complete symbolic attacker and key exchange

Towards computationally sound symbolic analysis of key exchange protocols