Inductive Proofs of Computational Secrecy
نویسندگان
چکیده
Secrecy properties of network protocols assert that no probabilistic polynomial-time distinguisher can win a suitable game presented by a challenger. Because such properties are not determined by traceby-trace behavior of the protocol, we establish a trace-based protocol condition, suitable for inductive proofs, that guarantees a generic reduction from protocol attacks to attacks on underlying primitives. We use this condition to present a compositional inductive proof system for secrecy, and illustrate the system by giving a modular, formal proof of computational authentication and secrecy properties of Kerberos V5.
منابع مشابه
Inductive Proof Method for Computational Secrecy
We investigate inductive methods for proving secrecy properties of network protocols, in a “computational” setting applying a probabilistic polynomial-time adversary. As in cryptographic studies, our secrecy properties assert that no probabilistic polynomial-time distinguisher can win a suitable game presented by a challenger. Our method for establishing secrecy properties uses inductive proofs...
متن کاملSecrecy-Oriented First-Order Logical Analysis of Cryptographic Protocols
We present a computationally sound first-order system for security-analysis of protocols that places secrecy of nonces and keys in its center. Even trace properties such as agreement and authentication are proven via proving a non-trace property, namely, secrecy first with an inductive method. This results a very powerful system, the working of which we illustrate on the agreement and authentic...
متن کاملNoninterference Proofs through Flow Analysis
This note proves noninterference results (NI) for the secrecy analyses for LA and LAM presented in [1], using the inductive information ow analysis. This ow analysis is related to the secrecy typing in [1] in that, while the latter ensures safety of information ow, the former extracts ow of information. The presentation and study of ow analysis is restricted to its use in NI proofs: further stu...
متن کاملSecrecy Analysis in Protocol Composition Logic
We present formal proof rules for inductive reasoning about the way thatdata transmitted on the network remains secret from a malicious attacker. Extendinga compositional protocol logic with an induction rule for secrecy, we prove sound-ness for a conventional symbolic protocol execution model, adapt and extend previ-ous composition theorems, and illustrate the logic by proving ...
متن کاملInductive trace properties for computational security
Protocol authentication properties are generally trace-based, meaning that authentication holds for the protocol if authentication holds for individual traces (runs of the protocol and adversary). Computational secrecy conditions, on the other hand, often are not trace based: the ability to computationally distinguish a system that transmits a secret from one that does not is measured by overal...
متن کامل