Results 1 
5 of
5
Computational Soundness without Protocol Restrictions ∗
, 2012
"... The abstraction of cryptographic operations by term algebras, called DolevYao models, is essential in almost all toolsupported methods for verifying security protocols. Recently significant progress was made in establishing computational soundness results: these results prove that DolevYao style ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
(Show Context)
The abstraction of cryptographic operations by term algebras, called DolevYao models, is essential in almost all toolsupported methods for verifying security protocols. Recently significant progress was made in establishing computational soundness results: these results prove that DolevYao style models can be sound with respect to actual cryptographic realizations and security definitions. However, these results came at the cost of imposing various constraints on the set of permitted security protocols: e.g., dishonestly generated keys must not be used, key cycles need to be avoided, and many more. In a nutshell, the cryptographic security definitions did not adequately capture these cases, but were considered carved in stone; in contrast, the symbolic abstractions were bent to reflect cryptographic features and idiosyncrasies, thereby requiring adaptations of existing verification tools. In this paper, we pursue the opposite direction: we consider a symbolic abstraction for publickey encryption and identify two cryptographic definitions called PROGKDM (programmable keydependent message) security and MKE (maliciouskey extractable) security that we jointly prove to be sufficient for obtaining computational soundness without imposing
Computationally Complete Symbolic Attacker in Action
"... Abstract. We show that the recent technique of computationally complete symbolic attackers proposed by Bana and ComonLundh [6] for computationally sound verification of security protocols is powerful enough to verify actual protocols. In their work, Bana and ComonLundh presented only the general f ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We show that the recent technique of computationally complete symbolic attackers proposed by Bana and ComonLundh [6] for computationally sound verification of security protocols is powerful enough to verify actual protocols. In their work, Bana and ComonLundh presented only the general framework, but they did not introduce sufficiently many axioms to actually prove protocols. We present a set of axioms—some generic axioms that are computationally sound for all PPT algorithms, two specific axioms that are sound for CCA2 secure encryptions, and a further minimal parsing assumption for pairing—and illustrate the power of this technique by giving the first computationally sound verification (secrecy and authentication) via symbolic attackers of the NSL Protocol that does not need any further restrictive assumptions about the computational implementation. In other words, all implementations for which the axioms are sound—namely, implementations using CCA2 encryption, and satisfying the parsing requirement for pairing—exclude the possibility of successful computational attacks. Furthermore, the axioms are entirely modular and not particular to the NSL protocol (except for the parsing assumption without which there is an attack). 1
T.: Bridging the gap from trace properties to uniformity (2014) www.infsec.cs.unisaarland.de/~mohammadi/bridge.html
"... DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the absence o ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the absence of attacks against the abstraction entails the security of suitable cryptographic realizations. Most of these computational soundness (CS) results, however, are restricted to trace properties such as authentication. The few promising results that strive for CS for the more comprehensive class of equivalence properties, such as strong secrecy or anonymity, either only consider a limited class of protocols, or are not amenable to fully automated verification, or rely on abstractions for which it is not clear how to formalize any equivalence property beyond (strong) secrecy of payloads. In this work, we identify a general condition under which CS for trace properties implies CS for uniformity of biprocesses, i.e., the class of equivalence properties that ProVerif is able to verify for the applied picalculus. As a case study, we show that this general condition holds for a DolevYao model that contains signatures, publickey encryption, and corresponding length functions. We prove this result in the CoSP framework (a general framework for establishing CS results). To this end,
Computational Soundness of Uniformity Properties for Multiparty Computation based on LSSS
"... Abstract. We provide a symbolic model for multiparty computation based on linear secretsharing scheme, and prove that this model is computationally sound: if there is an attack in the computational world, then there is an attack in the symbolic (abstract) model. Our original contribution is that ..."
Abstract
 Add to MetaCart
Abstract. We provide a symbolic model for multiparty computation based on linear secretsharing scheme, and prove that this model is computationally sound: if there is an attack in the computational world, then there is an attack in the symbolic (abstract) model. Our original contribution is that we deal with the uniformity properties, which cannot be described using a single execution trace, while considering an unbounded number of sessions of the protocols in the presence of active and adaptive adversaries. 1
Computational Soundness Results for ProVerif Bridging the Gap from Trace Properties to Uniformity
"... Abstract. DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the absence of attacks against the abstraction entails the security of suitable cryptographic realizations. Most of these computational soundness (CS) results, however, are restricted to trace properties such as authentication, and the few promising results that strive for CS for the more comprehensive class of equivalence properties, such as strong secrecy or anonymity, either only consider a limited class of protocols or are not amenable to fully automated verification. In this work, we identify a general condition under which CS for trace properties implies CS for uniformity of biprocesses, i.e., the class of equivalence properties that ProVerif is able to verify for the applied ⇡calculus. As a case study, we show that this general condition holds for a DolevYao model that contains signatures, publickey encryption, and corresponding length functions. We prove this result in the CoSP framework (a general framework for establishing CS results). To this end, we extend the CoSP framework to equivalence properties, and we show an existing embedding of the applied ⇡calculus to CoSP can be reused for uniform biprocesses. On the verification side, as analyses in ProVerif with symbolic length functions often do not terminate, we show how to combine the recent protocol verifier APTE with ProVerif. As a result, we establish a computationally sound automated verification chain for uniformity of biprocesses in the applied ⇡calculus that use publickey encryption, signatures, and length functions. 1