Conference Paper

Computationally Sound Implementations of Equational Theories Against Passive Adversaries

Loria/CNRS & INRIA Lorraine Projet Cassis, France
DOI: 10.1007/11523468_53 Conference: Automata, Languages and Programming, 32nd International Colloquium, ICALP 2005, Lisbon, Portugal, July 11-15, 2005, Proceedings
Source: DBLP

ABSTRACT

In this paper we study the link between formal and cryptographic models for security protocols in the presence of a passive adversary. In contrast to other works, we do not consider a fixed set of primitives but aim at results for an arbitrary equational theory. We define a framework for comparing a cryptographic implementation and its idealization w.r.t. various security notions. In particular, we concentrate on the computational soundness of static equivalence, a standard tool in cryptographic pi calculi. We present a soundness criterion, which for many theories is not only sufficient but also necessary. Finally, we establish new soundness results for the Exclusive Or, as well as a theory of ciphers and lists.

  • Source
    • "Indeed, thanks to our result, it is now possible to prove simulatability in the symbolic setting. Our work can also be seen as a generalization of soundness results for static equivalence [5] [14] [15] from a passive attacker to an active one. However, as we sketched above and as we will see on an example later, these results cannot be used directly in the active attacker case, which is the one we consider. "
    ABSTRACT: Many security properties are naturally expressed as indistinguishability between two versions of a protocol. In this paper, we show that computational proofs of indistinguishability can be considerably simplified, for a class of processes that covers most existing protocols. More precisely, we show a soundness theorem, following the line of research launched by Abadi and Rogaway in 2000: computational indistinguishability in presence of an active attacker is implied by the observational equivalence of the corresponding symbolic processes. Up to our knowledge, the only result of this kind is Adao and Fournet, in which, however, cryptographic primitives are not part of the syntax. Otherwise, previous works either considered a passive attacker, or, in case of active attackers, proved a soundness result for properties that can be defined on execution traces of the protocol. Anonymity for instance does not fall in the latter category. We prove our result for symmetric encryption, but the same techniques can be applied to other security primitives such as signatures and public-key encryption. The proof requires the introduction of new concepts, which are general and can be reused in other settings.
    Preview · Article · Oct 2008
  • Source
    • "However, in general, these proofs are not sound with respect to the computational model. Since the seminal paper by Abadi and Rogaway [6], there has been much interest in relating both models [4] [11] [14] [30] [31] [38] [39] [50] [51], to show the soundness of the Dolev-Yao model with respect to the computational model, and thus obtain automatic proofs of protocols in the computational model. However, this approach has limitations: since the computational and Dolev-Yao models do not correspond exactly, additional hypotheses are necessary in order to guarantee soundness. "
    ABSTRACT: We present a new mechanized prover for showing correspondence assertions for cryptographic protocols in the computational model. Correspondence assertions are useful in particular for establishing authentication. Our technique produces proofs by sequences of games, as standard in cryptography. These proofs are valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. Our technique can handle a wide variety of cryptographic primitives, including shared- and public-key encryption, signatures, message authentication codes, and hash functions. It has been implemented in the tool CryptoVerif and successfully tested on examples from the literature.
    Preview · Conference Paper · Aug 2007
  • Source
    • "Further related work. Since the publication of a preliminary version [1] of this article, several papers have addressed the computational soundness of static equivalence. As already mentioned, Abadi, Baudet, and Warinschi [28] study resistance against offline guessing attacks modelled in terms of static equivalence and use the framework developed in this paper to show the soundness of an equational theory including ciphers, symmetric and asymmetric encryption. "
    ABSTRACT: In this paper we study the link between formal and cryptographic models for security protocols in the presence of a passive adversary. In contrast to other works, we do not consider a fixed set of primitives but aim at results for an arbitrary equational theory. We define a framework for comparing a cryptographic implementation and its idealization w.r.t. various security notions. In particular, we concentrate on the computational soundness of static equivalence, a standard tool in cryptographic pi calculi. We present a soundness criterion, which for many theories is not only sufficient but also necessary. Finally, we establish new soundness results for the Exclusive Or, as well as a theory of ciphers and lists.
    Preview · Conference Paper · Jul 2005