Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability
نویسندگان
چکیده
In recent years, a new approach has been developed for verifying security protocols with the aim of combining the benefits of symbolic attackers and the benefits of unconditional soundness: the technique of the computationally complete symbolic attacker of Bana and Comon (BC) [6]. In this paper we argue that the real breakthrough of this technique is the recent introduction of its version for indistinguishability [7] because, with the extensions we introduce here, for the first time, there is a computationally sound symbolic technique that is syntactically strikingly simple, to which translating standard computational security notions is a straightforward matter, and that can be effectively used for verification of not only equivalence properties, but trace properties of protocols as well. We first fully develop the core elements of this newer version by introducing several new axioms. We illustrate the power and the diverse use of the introduced axioms on simple examples first. We introduce an axiom expressing the Decisional Diffie-Hellman property. We analyze the Diffie-Hellman key exchange, both in its simplest form and an authenticated version as well. We provide computationally sound verification of real-or-random secrecy of the Diffie-Hellman key exchange protocol for multiple sessions, without any restrictions on the computational implementation other than the DDH assumption. We also show authentication for a simplified version of the station-to-station protocol using UF-CMA assumption for digital signatures. Finally, we axiomatize IND-CPA, IND-CCA1 and IND-CCA2 security properties and illustrate their usage.
منابع مشابه
Indistinguishability and the Computationally Complete Symbolic Attacker ( Extended Abstract )
Recently, we proposed a technique [1] to define a computationally complete symbolic attacker for the verification of security protocols. Such a symbolic attacker can do everything computational attackers can, and hence it is possible to avoid the numerous usual restrictions computational soundness theorems require; in other words, unconditional soundness can be achieved. The main idea is that i...
متن کاملComputationally Complete Symbolic Attacker in Action
We show that the recent technique of computationally complete symbolic attackers proposed by Bana and Comon-Lundh [6] for computationally sound verification of security protocols is powerful enough to verify actual protocols. In their work, Bana and Comon-Lundh presented only the general framework, but they did not introduce sufficiently many axioms to actually prove protocols. We present a set...
متن کاملComputationally Sound Verification of the NSL Protocol via Computationally Complete Symbolic Attacker
In this paper we show that the recent technique of computationally complete symbolic attackers proposed by Bana and Comon-Lundh [7] for computationally sound verification is powerful enough to verify actual protocols, such as the Needham-Schroeder-Lowe Protocol. In their model, one does not define explicit Dolev-Yao adversarial capabilities but rather the limitations (axioms) of the adversarial...
متن کاملComputationally secure multiple secret sharing: models, schemes, and formal security analysis
A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...
متن کاملSoundness in presence of active adversaries
Many security properties are naturally expressed as indistinguishability between two versions of a protocol. In this paper, we show that computational proofs of indistinguishability can be considerably simplified, for a class of processes that covers most existing protocols. More precisely, we show a soundness theorem, following the line of research launched by Abadi and Rogaway in 2000: comput...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016