Reduction of Equational Theories for Verification of Trace Equivalence: Re-encryption, Associativity and Commutativity

Arapinis, Myrto; Bursuc, Sergiu; Ryan, Mark

doi:10.1007/978-3-642-28641-4_10

Cited by 8 publications

(6 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More recently, theoretical foundations have been provided for this technique and soundness of this extension has been proved [82]. A reduction result to get rid of some particular equations (that cannot be handled by the ProVerif tool) has been devised in [83]. Relying on it, a first automated proof of privacy for the protocol Prêtà Voter (that uses re-encryption and associative/commutative operators) has been carried out with success.…”

Section: Procedures For Checking Diff-equivalencementioning

confidence: 99%

A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols

Delaune¹,

Hirschi²

2017

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

Cryptographic protocols aim at securing communications over insecure networks such as the Internet, where dishonest users may listen to communications and interfere with them. A secure communication has a different meaning depending on the underlying application. It ranges from the confidentiality of a data to e.g. verifiability in electronic voting systems. Another example of a security notion is privacy.Formal symbolic models have proved their usefulness for analysing the security of protocols. Until quite recently, most results focused on trace properties like confidentiality or authentication. There are however several security properties, which cannot be defined (or cannot be naturally defined) as trace properties and require a notion of behavioural equivalence. Typical examples are anonymity, and privacy related properties. During the last decade, several results and verification tools have been developed to analyse equivalence-based security properties.We propose here a synthesis of decidability and undecidability results for equivalence-based security properties. Moreover, we give an overview of existing verification tools that may be used to verify equivalence-based security properties.

show abstract

Section: Procedures For Checking Diff-equivalencementioning

confidence: 99%

A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols

Delaune¹,

Hirschi²

2017

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

show abstract

“…In [22] and respectively [2], it is shown how to handle an unbounded number of Diffie-Hellman exponentiations and respectively reencryptions in ProVerif. Surprisingly, the underlying associative-commutative properties of Diffie-Hellman help in [22], while [2] can rely on the fact that a re-encryption does not change the semantics of a ciphertext. Another case where an unbounded number of operations is problematic is file sharing [8].…”

Section: Related Workmentioning

confidence: 99%

Automated Verification of Dynamic Root of Trust Protocols

Bursuc

Johansen

Xu³

2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Automated verification of security protocols based on dynamic root of trust, typically relying on protected hardware such as TPM, involves several challenges that we address in this paper. We model the semantics of trusted computing platforms (including CPU, TPM, OS, and other essential components) and of associated protocols in a classical process calculus accepted by ProVerif. As part of the formalization effort, we introduce new equational theories for representing TPM specific platform states and dynamically loaded programs.Formal models for such an extensive set of features cannot be readily handled by ProVerif, due especially to the search space generated by unbounded extensions of TPM registers. In this context we introduce a transformation of the TPM process, that simplifies the structure of the search space for automated verification, while preserving the security properties of interest. This allows to run ProVerif on our proposed models, so we can derive automatically security guarantees for protocols running in a dynamic root of trust context.

show abstract

“…Some techniques and tools [7,8,9,10] for indistinguishability properties have recently been developed to automatically check indistinguishability properties and some of them can handle part of the primitives needed in e-voting. For example, ProVerif and Akiss have both been successfully applied to analyse some voting protocols [5,10,11,12,13,14]. However, a third source of difficulty is the fact that voting systems are typically parametrized by the number of voters: both the bulletin board and the tally processes have to process as many ballots as they receive.…”

Section: Introductionmentioning

confidence: 99%

“…SPEC [8], Akiss [10], and APTE [9]) can only handle a finite number of sessions. So case studies have to consider a finite number of voters [10,12,13,14] unless proofs are conducted by hand [13,15].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

When Are Three Voters Enough for Privacy Properties?

Arapinis

Cortier

Kremer

2016

Computer Security – ESORICS 2016

Self Cite

View full text Add to dashboard Cite

Abstract. Protocols for secure electronic voting are of increasing societal importance. Proving rigorously their security is more challenging than many other protocols, which aim at authentication or key exchange. One of the reasons is that they need to be secure for an arbitrary number of malicious voters. In this paper we identify a class of voting protocols for which only a small number of agents needs to be considered: if there is an attack on vote privacy then there is also an attack that involves at most 3 voters (2 honest voters and 1 dishonest voter). In the case where the protocol allows a voter to cast several votes and counts, e.g., only the last one, we also reduce the number of ballots required for an attack to 10, and under some additional hypotheses, 7 ballots. Our results are formalised and proven in a symbolic model based on the applied pi calculus. We illustrate the applicability of our results on several case studies, including different versions of Helios and Prêt-à-Voter, as well as the JCJ protocol. For some of these protocols we can use the ProVerif tool to provide the first formal proofs of privacy for an unbounded number of voters.

show abstract

Reduction of Equational Theories for Verification of Trace Equivalence: Re-encryption, Associativity and Commutativity

Cited by 8 publications

References 33 publications

A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols

A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols

Automated Verification of Dynamic Root of Trust Protocols

When Are Three Voters Enough for Privacy Properties?

Contact Info

Product

Resources

About