Results 1 
6 of
6
Security protocol verification: Symbolic and computational models
 PRINCIPLES OF SECURITY AND TRUST  FIRST INTERNATIONAL CONFERENCE, POST 2012, VOLUME 7215 OF LECTURE NOTES IN COMPUTER SCIENCE
, 2012
"... Security protocol verification has been a very active research area since the 1990s. This paper surveys various approaches in this area, considering the verification in the symbolic model, as well as the more recent approaches that rely on the computational model or that verify protocol implementa ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
(Show Context)
Security protocol verification has been a very active research area since the 1990s. This paper surveys various approaches in this area, considering the verification in the symbolic model, as well as the more recent approaches that rely on the computational model or that verify protocol implementations rather than specifications. Additionally, we briefly describe our symbolic security protocol verifier ProVerif and situate it among these approaches.
B.: A composable computational soundness notion
 In
, 2011
"... Computational soundness results show that under certain conditions it is possible to conclude computational security whenever symbolic security holds. Unfortunately, each soundness result is usually established for some set of cryptographic primitives and extending the result to encompass new prim ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
(Show Context)
Computational soundness results show that under certain conditions it is possible to conclude computational security whenever symbolic security holds. Unfortunately, each soundness result is usually established for some set of cryptographic primitives and extending the result to encompass new primitives typically requires redoing most of the work. In this paper we suggest a way of getting around this problem. We propose a notion of computational soundness that we term deduction soundness. As for other soundness notions, our definition captures the idea that a computational adversary does not have any more power than a symbolic adversary. However, a key aspect of deduction soundness is that it considers, intrinsically, the use of the primitives in the presence of functions specified by the adversary. As a consequence, the resulting notion is amenable to modular extensions. We prove that a deduction sound implementation of some arbitrary primitives can be extended to include asymmetric encryption and public datastructures (e.g. pairings or list), without repeating the original proof effort. Furthermore, our notion of soundness concerns cryptographic primitives in a way that is independent of any protocol specification language. Nonetheless, we show that deduction soundness leads to computational soundness for languages (or protocols) that satisfy a so called commutation property.
T.: Bridging the gap from trace properties to uniformity (2014) www.infsec.cs.unisaarland.de/~mohammadi/bridge.html
"... DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the absence o ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the absence of attacks against the abstraction entails the security of suitable cryptographic realizations. Most of these computational soundness (CS) results, however, are restricted to trace properties such as authentication. The few promising results that strive for CS for the more comprehensive class of equivalence properties, such as strong secrecy or anonymity, either only consider a limited class of protocols, or are not amenable to fully automated verification, or rely on abstractions for which it is not clear how to formalize any equivalence property beyond (strong) secrecy of payloads. In this work, we identify a general condition under which CS for trace properties implies CS for uniformity of biprocesses, i.e., the class of equivalence properties that ProVerif is able to verify for the applied picalculus. As a case study, we show that this general condition holds for a DolevYao model that contains signatures, publickey encryption, and corresponding length functions. We prove this result in the CoSP framework (a general framework for establishing CS results). To this end,
Verification of Security Protocols
"... Security protocols are short programs aiming at securing communications over a network. They are widely used in our everyday life. They may achieve various goals depending on the application: confidentiality, authenticity, privacy, anonymity, fairness, etc. Their verification using symbolic models h ..."
Abstract
 Add to MetaCart
(Show Context)
Security protocols are short programs aiming at securing communications over a network. They are widely used in our everyday life. They may achieve various goals depending on the application: confidentiality, authenticity, privacy, anonymity, fairness, etc. Their verification using symbolic models has shown its
unknown title
"... How to prove security of communication protocols? A discussion on the soundness of formal models w.r.t. computational ones. ∗ ..."
Abstract
 Add to MetaCart
How to prove security of communication protocols? A discussion on the soundness of formal models w.r.t. computational ones. ∗
Computational Soundness Results for ProVerif Bridging the Gap from Trace Properties to Uniformity
"... Abstract. DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. DolevYao models of cryptographic operations constitute the foundation of many successful verification tools for security protocols, such as the protocol verifier ProVerif. Research over the past decade has shown that many of these symbolic abstractions are computationally sound, i.e., the absence of attacks against the abstraction entails the security of suitable cryptographic realizations. Most of these computational soundness (CS) results, however, are restricted to trace properties such as authentication, and the few promising results that strive for CS for the more comprehensive class of equivalence properties, such as strong secrecy or anonymity, either only consider a limited class of protocols or are not amenable to fully automated verification. In this work, we identify a general condition under which CS for trace properties implies CS for uniformity of biprocesses, i.e., the class of equivalence properties that ProVerif is able to verify for the applied ⇡calculus. As a case study, we show that this general condition holds for a DolevYao model that contains signatures, publickey encryption, and corresponding length functions. We prove this result in the CoSP framework (a general framework for establishing CS results). To this end, we extend the CoSP framework to equivalence properties, and we show an existing embedding of the applied ⇡calculus to CoSP can be reused for uniform biprocesses. On the verification side, as analyses in ProVerif with symbolic length functions often do not terminate, we show how to combine the recent protocol verifier APTE with ProVerif. As a result, we establish a computationally sound automated verification chain for uniformity of biprocesses in the applied ⇡calculus that use publickey encryption, signatures, and length functions. 1