Safe abstractions of data encodings in formal security protocol models

  • Original Article
Formal Aspects of Computing

Abstract

When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made about the behavior of such transformations, they can trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants.

To address this issue, this paper formally states sufficient conditions, checkable on sequential code, under which, if an abstract protocol model is secure against a Dolev–Yao adversary, then a refined model that takes into account a wide class of possible implementations of the encoding/decoding operations is also secure under the same adversary model. The paper also indicates how this result can be exploited in methods based on formal model extraction from implementation code and in methods based on automated code generation from formally verified models.
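The failure mode the abstract names, as an added illustration that is not code from the paper: a serializer that forgets the nonce field collapses every message of one type into a constant wire string, while a length-prefixed encoding keeps distinct messages distinct. The check at the end (encode injective on the sample space and decode inverting it) is an assumed, generic stand-in for the paper's actual sufficient conditions, which this page does not reproduce; the message format and sample data are constructed.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    """Abstract protocol message: a message type tag and a fresh nonce."""
    tag: str
    nonce: bytes


def encode_lossy(m: Msg) -> bytes:
    # Constructed defect: the serializer omits the nonce field, so every
    # message of a given type encodes to the same constant (freshness is lost).
    return m.tag.encode()


def decode_lossy(w: bytes) -> Msg:
    # Nothing to recover: the decoder substitutes a fixed nonce value.
    return Msg(w.decode(), bytes(16))


def encode_ok(m: Msg) -> bytes:
    # Length-prefixed fields: tag and nonce are both recoverable (fields < 256 bytes).
    t = m.tag.encode()
    return len(t).to_bytes(1, "big") + t + len(m.nonce).to_bytes(1, "big") + m.nonce


def decode_ok(w: bytes) -> Msg:
    tl = w[0]
    t = w[1:1 + tl]
    nl = w[1 + tl]
    n = w[2 + tl:2 + tl + nl]
    if 2 + tl + nl != len(w):
        raise ValueError("trailing or missing bytes")
    return Msg(t.decode(), bytes(n))


def is_safe_encoding(encode, decode, samples) -> bool:
    """Assumed check (not the paper's conditions): over the samples, encode is
    injective and decode inverts it, so distinct abstract messages, in
    particular messages differing only in their nonce, stay distinct on the wire."""
    seen = {}
    for m in samples:
        w = encode(m)
        if w in seen and seen[w] != m:
            return False  # two abstract messages collapsed onto one wire string
        seen[w] = m
        if decode(w) != m:
            return False  # round trip loses information
    return True


def fresh_samples(n: int = 64):
    # Constructed sample space: same message type, fresh 16-byte nonces.
    return [Msg("hello", secrets.token_bytes(16)) for _ in range(n)]
```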




Corresponding author

Correspondence to Riccardo Sisto.

Additional information

Eerke Boiten and Steve Schneider


Cite this article

Pironti, A., Sisto, R. Safe abstractions of data encodings in formal security protocol models. Form Asp Comp 26, 125–167 (2014). https://doi.org/10.1007/s00165-012-0267-y


  • DOI: https://doi.org/10.1007/s00165-012-0267-y
