Computer-Aided Security Proofs for the Working Cryptographer

Barthe, Gilles; Grégoire, Benjamin; Heraud, Sylvain; Zanella-Béguelin, Santiago

doi:10.1007/978-3-642-22792-9_5

Cited by 189 publications

(230 citation statements)

References 20 publications

Supporting

Mentioning

230

Contrasting

Order By: Relevance

“…Their applicability has been illustrated with the implementation a product construction prototype. In the future, we intend to used asymmetric products for performing a certified complexity analysis of cryptographic games [6]. Another target for future work is to broaden the scope of relational validation to object-oriented and concurrent programs.…”

Section: Resultsmentioning

confidence: 99%

Beyond 2-Safety: Asymmetric Product Programs for Relational Program Verification

Barthe

Crespo

Kunz

2013

Logical Foundations of Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Relational Hoare Logic is a generalization of Hoare logic that allows reasoning about executions of two programs, or two executions of the same program. It can be used to verify that a program is robust or (information flow) secure, and that two programs are observationally equivalent. Product programs provide a means to reduce verification of relational judgments to the verification of a (standard) Hoare judgment, and open the possibility of applying standard verification tools to relational properties. However, previous notions of product programs are defined for deterministic and structured programs. Moreover, these notions are symmetric, and cannot be applied to properties such as refinement, which are asymmetric and involve universal quantification on the traces of the first program and existential quantification on the traces of the second program. Asymmetric products generalize previous notions of products in three directions: they are based on a control-flow graph representation of programs, they are applicable to non-deterministic languages, and they are by construction asymmetric. Thanks to these characteristics, asymmetric products allow to validate abstraction/refinement relations between two programs, and to prove the correctness of advanced loop optimizations that could not be handled by our previous work. We validate their effectiveness by applying a prototype implementation to verify representative examples from translation validation and predicate abstraction.

show abstract

Section: Resultsmentioning

confidence: 99%

Beyond 2-Safety: Asymmetric Product Programs for Relational Program Verification

Barthe

Crespo

Kunz

2013

Logical Foundations of Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…EasyCrypt [4] is a tool-assisted framework that supports the verification of code-based game-playing proofs. Games are written in a core probabilistic procedural imperative language, and using a module system to account for instance for adversaries.…”

Section: Formalizationmentioning

confidence: 99%

“…The second contribution of the paper is a formal proof of security of the countermeasure using EasyCrypt [4], a computer-aided framework that has previously been used to reason about the security of cryptographic constructions-but was never applied to fault attacks and countermeasures. Our proof is the first application of formal verification to provable security against fault attacks, as other works [12,24,25] applying formal verification to fault attacks are focused on proving the correctness of the countermeasures (that is, that the protected program either returns the same result as the original program, or fails), but do not provide any provable security guarantees.…”

Section: Introductionmentioning

confidence: 99%

Making RSA–PSS Provably Secure against Non-random Faults

Barthe

Dupressoir

Fouque

et al. 2014

Advanced Information Systems Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. RSA-CRT is the most widely used implementation for RSA signatures. However, deterministic and many probabilistic RSA signatures based on CRT are vulnerable to fault attacks. Nevertheless, Coron and Mandal (Asiacrypt 2009) show that the randomized PSS padding protects RSA signatures against random faults. In contrast, Fouque et al. (CHES 2012) show that PSS padding does not protect against certain non-random faults that can be injected in widely used implementations based on the Montgomery modular multiplication. In this article, we prove the security of an infective countermeasure against a large class of non-random faults; the proof extends Coron and Mandal's result to a strong model where the adversary can force the faulty signatures to be a multiple of one of the prime factors of the RSA modulus. Such non-random faults induce more complex probability distributions than in the original proof, which we analyze using careful estimates of exponential sums attached to suitable rational functions. The security proof is formally verified using appropriate extensions of EasyCrypt, and provides the first application of formal verification to provable (i.e. reductionist) security in the context of fault attacks.

show abstract

“…Formal verification is more difficult in this model, and most proofs are manual. Some mechanized verifiers exist (CryptoVerif [17], [18], CertiCrypt [7], [8] and its successor EasyCrypt [4], [6], Computational F7 [15] and its successors F and RF [5]). …”

Section: Introductionmentioning

confidence: 99%

Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols

Blanchet

2017

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Abstract-We present the first formal analysis of two avionic protocols that aim to secure air-ground communications, the ARINC823 public-key and shared-key protocols. We verify these protocols both in the symbolic model of cryptography, using ProVerif, and in the computational model, using CryptoVerif. While we confirm many security properties of these protocols, we also find several weaknesses, attacks, and imprecisions in the standard. We propose fixes for these problems. This case study required the specification of new cryptographic primitives in CryptoVerif. It also illustrates the complementarity between symbolic and computational verification. I. INTRODUCTIONSecuring electronic communications between aircrafts and ground entities (control towers, airlines) becomes more and more important. Indeed, such electronic communications convey more and more important information and aircrafts are prominent targets for attacks, such as terrorist attacks. So, even if most air-ground communications are currently sent in the clear, the adoption of secured communications seems unavoidable.Several [34]) in order to secure these communications. In this paper, we study the ARINC823 standard [2]. This standard aims to secure ACARS (Aircraft Communications Addressing and Reporting System) messages. These messages are short text messages, which include air traffic control messages, such as clearance messages, flight plans, weather information, as well as maintenance messages, so that needed maintenance operations can be planed at the next airport.In addition to security (authentication and secrecy of the messages), other goals are apparent in the design of the standard:• Bandwidth: the available bandwidth is limited and the ACARS messages are relatively short, so the protocol is designed to minimize the additional bandwidth required for security.• Resistance to failures: the messages are conveyed even in case of failure of the security system. • Flexibility: the protocol is designed to provide different levels of security: authentication and secrecy, authentication only, and no security, on a message-per-message basis. These additional goals justify the design of specific protocols. The ARINC823 standard provides two such protocols:

show abstract

Computer-Aided Security Proofs for the Working Cryptographer

Cited by 189 publications

References 20 publications

Beyond 2-Safety: Asymmetric Product Programs for Relational Program Verification

Beyond 2-Safety: Asymmetric Product Programs for Relational Program Verification

Making RSA–PSS Provably Secure against Non-random Faults

Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols

Contact Info

Product

Resources

About