Verifying equivalence properties of security protocols

نویسندگان

  • Daniel Pasailă
  • Stephanie Delaune
  • Steve Kremer
چکیده

Security protocols are used nowadays for securing transactions through public channels, like the Internet. Typical examples of applications include electronic commerce, electronic voting or mobile ad hoc networking. In order to obtain as much confidence as possible, several formal methods have been proposed for analyzing properties of security protocols. Depending on the goals which a security protocol has, there are several types of properties that need to be verified. First, there are reachability or trace-based properties, which express the fact that a bad state cannot be reached. Two classical reachability properties are secrecy and authentication. Secrecy expresses the fact that a secret key or nonce cannot become public and authentication is used for ensuring an agent of other’s identity. However, there are some security properties, like privacy, that cannot be formulated in terms of reachability. These can be modeled using equivalence-based properties, usually used to express indistinguishably, a security property satisfied when an observer cannot distinguish between two processes. This is crucial in proving anonymity properties, where an attacker should not be able to distinguish a run involving an agent A from a run involving another participant A′. Anonymity is also used in the context of electronic voting, where two different runs of the voting protocol should be indistinguishable for the attacker in order to ensure that no information is leaked about the vote of a participant. Another equivalence-based property is resistance to off line

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Verifying privacy-type properties of electronic voting protocols

Electronic voting promises the possibility of a convenient, efficient and secure facility for recording and tallying votes in an election. Recently highlighted inadequacies of implemented systems have demonstrated the importance of formally verifying the underlying voting protocols. We study three privacy-type properties of electronic voting protocols: in increasing order of strength, they are ...

متن کامل

Symbolic Bisimulation for the Applied Pi Calculus * Stéphanie Delaune

We propose a symbolic semantics for the finite applied pi calculus.The applied pi calculus is a variant of the pi calculus with extensions formodelling cryptographic protocols. By treating inputs symbolically, oursemantics avoids potentially infinite branching of execution trees due toinputs from the environment. Correctness is maintained by associatingwith each process a se...

متن کامل

Stéphanie Delaune

We propose a symbolic semantics for the finite applied pi calculus.The applied pi calculus is a variant of the pi calculus with extensions formodelling cryptographic protocols. By treating inputs symbolically, oursemantics avoids potentially infinite branching of execution trees due toinputs from the environment. Correctness is maintained by associatingwith each process a se...

متن کامل

Automated Analysis of Equivalence Properties for Security Protocols Using Else Branches

In this paper we present an extension of the AKISS protocol verification tool which allows to verify equivalence properties for protocols with else branches, i.e., disequality tests. While many protocols are represented as linear sequences or inputs, outputs and equality tests, the reality is often more complex. When verifying equivalence properties one needs to model precisely the error messag...

متن کامل

Modular Verification of Protocol Equivalence in the Presence of Randomness

Security protocols that provide privacy and anonymity guarantees are growing increasingly prevalent in the online world. The highly intricate nature of these protocols makes them vulnerable to subtle design flaws. Formal methods have been successfully deployed to detect these errors, where protocol correctness is formulated as a notion of equivalence (indistinguishably). The high overhead for v...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011