Proving Secrecy is Easy Enough
نویسندگان
چکیده
We develop a systematic proof procedure for establishing secrecy results for cryptographic protocols. Part of the procedure is to reduce messages to simplified constituents, and its core is a search procedure for establishing secrecy results. This procedure is sound but incomplete in that it may fail to establish secrecy for some secure protocols. However, it is amenable to mechanization, and it also has a convenient visual representation. We demonstrate the utility of our procedure with secrecy proofs for standard benchmarks such as the Yahalom protocol.
منابع مشابه
Proving Abstract Non-interference
In this paper we introduce a compositional proof-system for certifying abstract non-interference in programming languages. Certifying abstract noninterference means proving that no unauthorized flow of information is observable by the attacker from confidential to public data. The properties of the computation that an attacker may observe are specified as an abstract domain. Assertions specify ...
متن کاملTechnical Report: Computationally Sound Secrecy Proofs by Mechanized Flow Analysis
We present a novel approach for proving secrecy properties of security protocols by mechanized flow analysis. In contrast to existing tools for proving secrecy by abstract interpretation, our tool enjoys cryptographic soundness in the strong sense of blackbox reactive simulatability/UC which entails that secrecy properties proven by our tool are automatically guaranteed to hold for secure crypt...
متن کاملCounterexample to the Generalized Belfiore-Solé Secrecy Function Conjecture for l-modular lattices
We show that the secrecy function conjecture that states that the maximum of the secrecy function of an l-modular lattice occurs at 1/ √ l is false, by proving that the 4-modular lattice C = Z⊕ √ 2Z⊕ 2Z fails to satisfy this conjecture. We also indicate how the secrecy function must be modified in the l-modular case to have a more reasonable chance for it to have a maximum at 1/ √ l, and show t...
متن کاملAutomatic Verification of Agreement and Secrecy
In this article we present a general technique to verify two properties that are of interest when discussing security protocols, secrecy and agreement. We show how we can generate subsidiary lemmas, and use these lemmas to simplify the final proofs. This is towards mechanising the proofs in a Theorem Prover. We also demonstrate these with our two case studies, SET and NetBill.
متن کاملFormalization and Proof of Secrecy Properties
After looking at the security literature, you will nd secrecy is formalized in diierent ways, depending on the application. Applications have threat models that innuence our choice of secrecy properties. A property may be reasonable in one context and completely unsatisfactory in another if other threats exist. The primary goal of this panel is to foster discussion on what sorts of secrecy prop...
متن کامل